Intel has confirmed that a bug in its remote server management tool, known as Management Engine, which allows administrators of IT systems to remote access devices to apply updates or troubleshoot problems for users, allows unverified code to be run on Intel chipsets, so the intruder to gain control of devices.
The Management Engine bug affects most Intel chips, which are embedded in most servers, personal computers and IoT devices, which means millions of devices may be impacted.
Intel has advised that firmware updates are available, and “businesses, systems administrators, and system owners using computers or devices that incorporate these Intel products should check with their equipment manufacturers or vendors for updates for their systems, and apply any applicable updates as soon as possible.” Intel has published a list of available firmware updates on its website—called Intel® Management Engine Critical Firmware Update (Intel-SA-00086).
The list will be updated, and should be checked frequently to minimize the risk of this vulnerability to systems.