Intel Patches High-Severity Flaw in Security Engine

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Intel is warning of a high-severity flaw in the firmware of its converged security and management engine (CSME), which if exploited could allow privilege escalation, denial of service and information disclosure.

CSME powers Intel’s Active Management System hardware and firmware technology, used for remote out-of-band management in consumer or corporate PCs, Internet of Things (IoT) devices, and workstations.

The subsystem of CSME has an improper authentication bug (CVE-2019-14598), which has a CVSS score of 8.2 out of 10.0, making it high severity. A privileged user, with local access, could exploit the flaw to launch an array of attacks, according to Intel.

“Intel recommends updating to Intel CSME versions 12.0.49, 13.0.21, and 14.0.11 or later provided by the system manufacturer that addresses these issues,” according to Intel’s advisory. “Intel recommends IOT customers using Intel CSME version 12.0.55 to update to 12.0.56 or later provided by the system manufacturer that addresses these issues.”
 

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Geez, Intel, my motherboard was already end of life months ago! 😡 🤜 👃

It seems not even the Trusted Platform Module's firmware can be upgraded on devices within the past five years. One thing I gleaned: in order for a successful exploit, one is already targeted and/or advanced malware/rootkit is already running w/elevated privileges.

Not replacing my hardware because of this. And the article says that's exactly what one must do to avoid this.
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
giphy.gif
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top