Several security researchers have discovered critical vulnerabilities in the Intel processors which can allow hackers to remotely gain full access to a targeted computer. The Management Engine (ME), Server Platform Service (SPS) and Trusted Execution Engine (TXE) were found to contain some serious security flaws.
Using these vulnerabilities hackers can remotely launch commands on a host of Intel-based computers, including laptops and desktops shipped with Intel Core processors since 2015.
Furthermore, the vulnerability doesn’t depend on the Operating System since the attacker has the privilege to run his code even before the OS starts.
Most of the vulnerabilities require physical access to the targeted device, but one allows remote attacks with administrative access.
Ankush Johar, director at Infosec Ventures, said: "These vulnerabilities, if leveraged by attackers, can lead to serious damage for individuals as well as organisations. Individuals are advised to update their firmware as Intel has released a number of patches in order to fix these vulnerabilities.
"Furthermore, Intel has also released a Detection Tool for Windows and Linux users to check if their systems have been exposed to these vulnerabilities.
Detection Tool Link - https://downloadcenter.intel.com/download/27150
"For an organisation, it is highly advised to enable their Network-based firewall as if affected machines are left out in the open, malicious attackers will be able to cause havoc by penetrating the entire internal networks and own each and every device connected.
"Moreover, even after a network firewall, organisations are still open to insider threats and the only solution is to deploy the patches immediately. Any device that isn’t patched should be detached from the network physically to avoid insider as well as outsider threats.
"No Antiviruses/Anti-malware will be able to detect such an attack because the vulnerability gives the attacker the power to run his code even before the OS loads. This means whether it’s Mac, Windows or Linux, all can be compromised. PATCH IMMEDIATELY!"