Intel ID:  INTEL-SA-00086 
Product family:  Various 
Impact of vulnerability:  Elevation of Privilege 
Severity rating:  Important 
Original release:  Nov 20, 2017 
Last revised:  Dec 22, 2017  

https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00086&languageid=en-fr

Summary:  

In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of our Intel® Management Engine (ME), Intel® Server Platform Services (SPS), and Intel® Trusted Execution Engine (TXE) with the objective of enhancing firmware resilience.

As a result, Intel has identified security vulnerabilities that could potentially place impacted platforms at risk.

Description: 

In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience.

As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 6.x/7.x/8.x/9.x/10.x//11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted.

 

Affected products:  

 
•1st, 2nd, 3rd, 4th, 5th, 6th, 7th & 8th Generation Intel® Core™ Processor Family
•Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
•Intel® Xeon® Processor Scalable Family
•Intel® Xeon® Processor W Family
•Intel® Pentium® Processor G Series
•Intel® Atom® C3000 Processor Family
•Apollo Lake Intel® Atom Processor E3900 series
•Apollo Lake Intel® Pentium™
•Celeron™ G, N and J series Processors

Based on the items identified through the comprehensive security review, an attacker could gain unauthorized access to platform, Intel® ME feature, and 3rd party secrets protected by the Intel® Management Engine (ME), Intel® Server Platform Service (SPS), or Intel® Trusted Execution Engine (TXE).



  
 Disclaimer:

INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” IN CONNECTION WITH INTEL® PRODUCTS. YOUR USE OF THE INFORMATION IN THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. INTEL RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME. EXCEPT AS PROVIDED IN INTEL’S TERMS AND CONDITIONS OF SALE FOR SUCH PRODUCTS, INTEL ASSUMES NO LIABILITY WHATSOEVER, AND INTEL DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO SALE AND/OR USE OF INTEL PRODUCTS INCLUDING LIABILITY OR WARRANTIES RELATING TO FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, OR INFRINGEMENT OF ANY PATENT, COPYRIGHT OR OTHER INTELLECTUAL PROPERTY RIGHT. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO ANY INTELLECTUAL PROPERTY RIGHTS IS GRANTED BY THIS DOCUMENT.