24 November 2017
Intel Releases Updates to Close ME, SPS and TXE Vulnerabilities
Intel has released updates that eliminate serious vulnerabilities in Management Engine (ME), Server Platform Services (SPS) and Trusted Execution Engine (TXE) technologies. The vulnerabilities discovered affect systems that use ME with firmware versions 11.0, 11.5, 11.6, 11.7, 11.10 and 11.20, as well as SPS with firmware version 4.0 and TXE version 3.0.
According to Intel’s advisory, the vulnerabilities impact the following Intel products:
- 6th, 7th & 8th generation Intel Core processor family;
- Intel Xeon processor E3-1200 v5 & v6 product family;
- Intel Xeon processor scalable family;
- all Xeon W processors;
- Intel Atom C3000 processor family;
- Apollo Lake Intel Atom processor E3900 series;
- Apollo Lake Intel Pentium;
- Celeron N and J series processors.
In total, eight Moderate and High severity level vulnerabilities – from 6.7 to 8.2 on the CVSS scale – have been identified. The most serious of these is CVE-2017-5705, found in ME. This vulnerability allows arbitrary code to be executed locally. Similar issues have been identified in Intel SPS (CVE-2017-5706) and the TXE component (CVE-2017-5707).
The ME technology has also proved to be affected by several buffer overflow issues, including: privilege escalations (CVE-2017-5708) and local (CVE-2017-5711) and remote (CVE-2017-5712) execution of arbitrary code with AMT (Active Management Technology) execution privilege.
Additionally, TXE is affected by a privilege escalation vulnerability (CVE-2017-5710), while multiple privilege escalations in kernel in SPS allow an unauthorized process to access privileged content (CVE-2017-5709).
Successful exploitation of these vulnerabilities could enable an attacker to impact the validity of local security feature attestation, execute arbitrary code without being detected by the user or the operating system, and crash the system or make it unstable.
Intel has released patches to close all the above vulnerabilities. The patches were developed for vendors, who now need to integrate them into their products. Links to resources on relevant vulnerability updates by Acer, Dell, Fujitsu, Lenovo, Panasonic and other vendors can be found on Intel’s technical support page.
Additionally, Intel has developed a detection tool that can be used to scan Windows and Linux computers for these vulnerabilities.
According to Kaspersky Lab ICS СERT researchers, vulnerabilities in Intel products affect industrial equipment – primarily SCADA server hardware and industrial computers that use affected processors. Examples include Automation PC 910, Nuvo-5000 and the GE Automation RXi2-XP product line. The vulnerabilities also affect Siemens industrial solutions, in which other vulnerabilities related to Intel technologies have previously been found. However, so far none of the industrial solution vendors has officially stated that its products are affected by the above vulnerabilities.
Curiously, many industrial solutions still use previous generations of Intel processors, which are not affected by the newly-identified security issues. Specifically, among Rockwell Automation industrial computers these vulnerabilities do not affect Integrated Display Computers or 750R & 1450R Non-Display Computers series, which use 4th and 2nd generation Intel Core processors, respectively. Kaspersky Lab ICS СERT experts recommend contacting equipment vendors to find out whether specific systems manufactured by them are vulnerable.