Gigabyte starts to roll out updates to address Intel’s ME and TXE vulnerabilities


In recent weeks, it has been discovered that Intel’s Management Engine runs on an OS called MINIX, an OS that was never designed to be used for security. The discovery of Intel’s use of this OS has led to several exploits being uncovered, including vulnerabilities within Intel’s Management Engine (ME), Intel’s Server Platform Services (SPS) and Intel’s Trusted Execution Engine (TXE).

While Intel’s use of this OS was completely legal, the creator of the OS, Professor Andrew Tanenbaum, was unaware that Intel had used his OS so widely and is concerned about the security implications of using an OS that was never designed for that use case. Professor Tanenbaum’s open letter to Intel can be read here.
  

Intel has now conducted a full security review of its Management Engine, Trusted Execution Engine and Server Platform Services, finding several vulnerabilities that can be fixed through BIOS updates and changes to its ME and TXE drivers.

Gigabyte has now stated that it has started rolling out new BIOS files for Z370 and 200-series motherboards that include these fixes, with patches for other affected motherboards coming soon.

In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience.

As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted.

Affected products:

– 6th, 7th & 8th Generation Intel® Core™ Processor Family
– Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
– Intel® Xeon® Processor Scalable Family
– Intel® Xeon® Processor W Family
– Intel® Atom® C3000 Processor Family
– Apollo Lake Intel® Atom Processor E3900 series
– Apollo Lake Intel® Pentium™
– Celeron™ N and J series Processors

Based on the items identified through the comprehensive security review, an attacker could gain unauthorized access to platform, Intel® ME feature, and 3rd party secrets protected by the Intel® Management Engine (ME), Intel® Server Platform Service (SPS), or Intel® Trusted Execution Engine (TXE).

This includes scenarios where a successful attacker could:

– Impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity.
– Load and execute arbitrary code outside the visibility of the user and operating system.
– Cause a system crash or system instability.


Intel has now released a tool that can detect whether or not your system is vulnerable to these exploits. This tool is available for both Windows and Linux and can be downloaded here. 

Gigabyte will be delivering new BIOS files and driver updates for affected products on their website, though it is expected to take some time before all affected products have been patched with this vital security update.   

You can join the discussion on Gigabyte’s new BIOS security updates on the OC3D Forums. 
