Another day, another security fix released by Intel.
In a blog post, Positive Technologies has detailed four different vulnerabilities found in the Intel Management Engine. The fixes for these flaws were pushed in the early July.
It’s worth noting that the flaws found are similar to the ones reported by the security firm last year. Those massive flaws gave attackers a deep level of access to the processes running on the device.
Similarly, the newer flaws could allow an attacker to execute arbitrary code in the Active Management Technology environment–without needing admin access to the AMT account.
Talking specifically about the flaws, the first one is CVE-2018-3627. Described as a logic bug, this easily exploitable bug allows code execution. CVE-2018-3628 is the more dangerous sibling which enables comprehensive remote code execution in the AMT process; it’s also identified as a “Buffer overflow in HTTP handler.”
The other two bugs are CVE-2018-3629, which is a buffer overrun in AMT’s event handler, and CVE-2018-3632, which is a memory corruption bug. You can read more about these bugs in the blog post here.
When it comes to the processors which will benefit from the patches released by Intel, the Intel 1st, 2nd, and 3rd Gen CPUs will remain unfixed, according to The Register. This is due to the fact that Intel doesn’t support these older CPUs anymore.
Various OEMs have already started releasing patches from their end and you’re advised to contact your PC maker for the same.