Chip manufacturer Intel has fixed a bug that has plagued its CPUs for a decade. After 10 years trying to mend the problem, Intel has finally released a patch to fix a flaw that gives cybercriminals a way to breach vulnerable networks.
The remote management flaw has given hackers the opportunity to fully take control of the computers running on the vulnerable networks for the best part of a decade, according to an advisory briefing published by Intel yesterday afternoon. The bug resides in the chipmaker’s Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability chips. The bug doesn’t affect Intel chips running on consumer PCs.
Intel has now rated the vulnerability of bug-ridden systems as critical and is urging customers using the compromised CPUs to install the firmware patch as soon as possible. A spokesman for the company said: “There is an escalation of privilege vulnerability in Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products. This vulnerability does not exist on Intel-based consumer PCs.
“There are two ways this vulnerability may be accessed please note that Intel Small Business Technology is not vulnerable to the first issue. An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology and Intel Standard Manageability.
“An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology.”
Effectively, every Intel platform from Nehalem to Kaby Lake had a remotely exploitable security hole that had gone unfixed for a decade. Researchers have suggested that the flaw can only be exploited over the internet when Intel’s AMT service was enable and provisioned inside a network.