Researcher Finds Intel's Previous Management Engine Patches Weren't Foolproof
Intel has had a challenging time lately on the vulnerability front. Computer security researchers have dug deeply into the chip manufacturer's wares, finding vulnerabilities such as
Meltdown,
Spectre and
Foreshadow, all of which proved to be difficult to fix or mitigate.
Now, another problem has emerged. Intel has patched a very serious firmware vulnerability, CVE-2018-3655, which could potentially leak encryption keys stored inside its
Management Engine. The ME is a crucial microchip with code that brokers communications between a processor and external devices and helps with power management as well as starting up a computer's main processor.
Here's Intel's list of affected components and the new, post-patch firmware version numbers:
...
....
.......