Researchers have raised concerns for Intel’s Management Engine feature for a while now due to the features’ vulnerable nature. Although the feature is usefull for IT managers, it requires system access which is a possible concern for security researchers.
For example, if the Management Engine is compromised, it can give an attacker complete control of a system. Recently, several groups discovered bugs in the feature. Following the revelation, Intel confirmed that vulnerabilities in fact exist in Management Engine. Following an audit, Intel revealed that not only the Management Engine but also remote server management tool Server Platform Services are vulnerable to attacks.
Reports suggested that Intel’s recent chips, both Kabylake and Coffeelake processors are vulnerable to possible attacks. While Intel is expected to release firmware update in the coming days, it will be up to PC component manufacturers to update clients’ devices.
Talking about the latest issue, Intel revealed a statement to address the situation. The company wrote, “Businesses, systems administrators, and system owners using computers or devices that incorporate these Intel products should check with their equipment manufacturers or vendors for updates for their systems, and apply any applicable updates as soon as possible.”