World’s largest and highest valued chip manufacturer, Intel, which is 48 years old and worth $113 billion with revenues of $59 billion last year, has admitted a massive security failure.
In an ‘urgent’ security update released yesterday, Intel has said that every enterprise PC powered by Intel, sold in the last 10 years, is vulnerable to hacking. This is serious, and most probably biggest security failure reported and admitted by Intel.
Millions of enterprise computers, starting from 2008, and powered by Intel’s three most important technology platforms: Intel Active Management Technology, Intel Small Business Technology and Intel Standard Manageability have been declared as vulnerable, and prone to hacking.
Enterprise users have been asked to update their systems with the patches provided by Intel as soon as possible.
The security update from Intel clearly mentions the fact that no consumer PC has been affected, and no data centre servers, powered by Intel Server Platform Services are affected.
What Is The Vulnerability Of Intel Based Enterprise PCs?
Management Engine (not CPU firmware) of Intel’s three most popular enterprise platforms: Intel Active Management Technology, Intel Small Business Technology and Intel Standard Manageability have a security hole, using which hackers can remotely control the enterprise PCs, and wreak havoc.
Intel, in their security update, said, “There is an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products.”
Thus, this security hole can be theoretically found in every Intel enterprise platform, right from Nehalem, shipped in 2008 to recent Core processors. Every enterprise PC powered with versions 6.0 through 11.6 of Intel’s manageability firmware are now vulnerable to hacking.
Now, if we observe the main usage of Intel Active Management Technology, then it is used by system administrators of large organisations to remotely track, manage and secure thousands of connected PCs. For example, Walmart may be using such enterprise PCs to monitor thousands of retail checkout systems, controlled via one main hub.
If hacked, a hacker can take control of the whole fleet of computers, and then can manipulate or steal data, as per his wish.
Note here, that Intel has already said, “We are not aware of any exploitation of this vulnerability,”
Intel Offers Solutions; Asks Enterprise Users To Update Immediately
In their security advisory, Intel has strongly pushed for an overall security check for all enterprise PC users, and update their firmware as soon as possible.
First of all, Intel asks all users to check whether they have Intel AMT, Intel SBA or Intel ISM processors in their systems, by visiting here. If the users don’t have these Intel platforms, there is nothing to worry. (but, some security analysts are saying that even if these Intel processors are not present, the threat is always there.)
Then, Intel asks to download detection guide, to determine whether their PCs have that impacted firmware or not.
You can find the complete Intel’s guide to detect and mitigate this security threat here.
As per PC World, disabling or removing a Windows service called Local Manageability Service can also reduce the vulnerability of this threat.
We will keep you updated as we receive more information regarding this massive security breach.