Image Credit: WindowsLatest.com

According to a security bulletin released by United States Computer Emergency Readiness Team (US-CERT) confirms that Intel’s Modern processors have been found to be vulnerable to hackers. Intel confirm the bulletin stating that the issue pertains to a wide range of its products.

The products include Intel’s 6th Skylake, 7th Kaby Lake and 8th generation Kaby Lake R chips with Xeon E3-1200 v5 and v6, Xeon Scalable family and Xeon W family. Some of the Lower powered chips are also effected with the issues, the list includes Apollo Lake Atom and Pentium chips along with Celeron N and J processors.

Below is the list of Engine versions which include the exploits:

CVE ID CVE Title CVSSv3 Vectors
CVE-2017-5705 Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code. 8.2 High

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2017-5708 Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector. 7.5 High

AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

CVE-2017-5711 Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege. 6.7 Moderate

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVE-2017-5712 Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege. 7.2 High

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

The vulnerabilities pertaining to the Server Platform Service are given below:

CVE ID CVE Title CVSSv3 Vectors
CVE-2017-5706 Multiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to execute arbitrary code. CVSS 8.2 High

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2017-5709 Multiple privilege escalations in kernel in Intel Server Platform Services Firmware 4.0 allows unauthorized process to access privileged content via unspecified vector. CVSS 7.5 High

AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

With the number of vulnerabilities and versions being huge, Intel has decided to offer a Detection Tool which can be used to find out if your PC is affected by the above issues. Also the company recommends you to check with the OEM regards to the updated firmware for your device.

Download the Detection Tool from this link. 

About The Author

Akshay Waghray

Akshay Waghray, who holds a degree in Computer Science, was a former technology news reporter for Windows Latest and his area of expertise include Windows. Articles contributed by Akshay have been referred by big publications such as TechRadar, XDA Developers, Future Inc, Purge, and others over the years. At Windows Latest, Akshay has written and edited thousands of articles using his decades long experience with Windows Server and Windows Update for Business.