The U.S. Department of Homeland Security on Tuesday urged businesses to act on an Intel alert about security flaws in some processors.
A day earlier, Intel said it had identified security vulnerabilities in the firmware of the Management Engine, Server Platform Services, and Trusted Execution Engine, that shipped with eight types of processors used in business computers sold by Dell, Lenovo, HP, Hewlett Packard Enterprise and other manufacturers.
The affected CPUs are the following:
- 6th, 7th & 8th Generation Intel Core Processor Family
- Intel Xeon Processor E3-1200 v5 & v6 Product Family
- Intel Xeon Processor Scalable Family
- Intel Xeon Processor W Family
- Intel Atom C3000 Processor Family
- Apollo Lake Intel Atom Processor E3900 series
- Apollo Lake Intel Pentium
- Celeron N and J series Processors
It was not clear how difficult it would be to exploit the vulnerabilities to launch attacks. For a remote attack to succeed, a vulnerable machine would need to be configured to allow remote access, and a hacker would need to know the administrator's user name and password. Attackers could break in without those credentials if they have physical access to the computer.
Intel said that it knew of no cases where hackers had exploited the vulnerability in a cyber attack.
The Department of Homeland Security advised computer users to use a software tool released by Intel, which checks whether a computer has a vulnerable chip. It also urged them to contact computer makers to obtain software updates and advice on strategies for mitigating the threat.
Intel has provided software patches to fix the issue to all major computer manufacturers.