
This Unpatchable Flaw Affects All Intel CPUs Released in Last 5 Years
2020-03-06 12:47

All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled security technology that is otherwise designed to shield users' sensitive data even when the system itself has been compromised.

Intel CSME is a separate security microcontroller incorporated into the processors that provides an isolated execution environment, protected from the host operating system running on the main CPU. It is responsible for the initial authentication of Intel-based systems: it loads and verifies firmware components, serves as the root of trust for secure boot, and cryptographically authenticates the BIOS, Microsoft System Guard, BitLocker, and other security features.

Although this insufficient-access-control vulnerability is not new and was patched by Intel last year, when the company described it only as privilege escalation and arbitrary code execution in Intel CSME firmware modules, the extent of the flaw remained underestimated.

"Intel's security is designed so that even arbitrary code execution in any Intel CSME firmware module would not jeopardize the root cryptographic key," the researchers said.

"Unfortunately, no security system is perfect. Like all security architectures, Intel's had a weakness: the boot ROM, in this case. An early-stage vulnerability in ROM enables control over reading of the Chipset Key and generation of all other encryption keys."

"We believe extracting this key is only a matter of time. When this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted."

Therefore, the security patches released by Intel are incomplete and cannot entirely prevent sophisticated attacks, leaving millions of systems at risk of digital attacks that are nearly impossible to detect and patch.
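The researchers' point is that every other key in the platform is derived from the Chipset Key, so a verification chain rooted in it cannot detect tampering once that root is exposed. The toy model below is an added illustration written for this page, not Intel's or the researchers' code: it assumes a four-stage boot chain, HKDF-SHA256 as the derivation function, a constructed device salt, and HMAC tags standing in for the real signature scheme. It shows that a tampered stage is rejected when the root key is unknown, and accepted by every downstream check when the root key has been read out, which is why patching later firmware modules does not restore the chain.

```python
import hashlib
import hmac

# Constructed toy model of a measured boot chain rooted in one hardware key.
# Stage names, the salt and the use of HKDF/HMAC are assumptions for
# illustration only; this is not Intel's actual CSME key derivation.

DEVICE_SALT = b"constructed-device-salt"
STAGE_LABELS = ["stage1-loader", "stage2-firmware", "bios", "disk-encryption"]


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF with HMAC-SHA256: extract a PRK, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_stage_keys(chipset_key: bytes) -> dict:
    """Every stage key is a deterministic function of the single root key."""
    return {label: hkdf_sha256(chipset_key, DEVICE_SALT, label.encode())
            for label in STAGE_LABELS}


def tag(key: bytes, blob: bytes) -> bytes:
    """Authentication tag over a firmware image (HMAC stands in for a signature)."""
    return hmac.new(key, blob, hashlib.sha256).digest()


def boot(chipset_key: bytes, images: dict) -> list:
    """Verify each stage image with the key derived for that stage.

    images maps stage label -> (blob, tag). Returns the stages that booted
    before the first verification failure; a full chain returns all labels.
    """
    keys = derive_stage_keys(chipset_key)
    booted = []
    for label in STAGE_LABELS:
        blob, t = images[label]
        if not hmac.compare_digest(tag(keys[label], blob), t):
            break
        booted.append(label)
    return booted


def build_genuine_images(chipset_key: bytes) -> dict:
    """Constructed sample images, each tagged with its own derived stage key."""
    keys = derive_stage_keys(chipset_key)
    images = {}
    for label in STAGE_LABELS:
        blob = f"genuine {label} image".encode()
        images[label] = (blob, tag(keys[label], blob))
    return images


def tampered_stage_without_root(chipset_key: bytes) -> list:
    """Stage 2 replaced by someone who does not hold the root key: the tag
    cannot be recomputed, so the chain stops after stage 1."""
    images = build_genuine_images(chipset_key)
    bogus = b"tampered stage2"
    images["stage2-firmware"] = (bogus, tag(b"wrong-key", bogus))
    return boot(chipset_key, images)


def tampered_stage_with_root_exposed(chipset_key: bytes) -> list:
    """Stage 2 replaced by someone who has read the root key: the stage key is
    re-derived, the tag verifies, and no downstream check can tell."""
    images = build_genuine_images(chipset_key)
    bogus = b"tampered stage2"
    stage_key = derive_stage_keys(chipset_key)["stage2-firmware"]
    images["stage2-firmware"] = (bogus, tag(stage_key, bogus))
    return boot(chipset_key, images)


if __name__ == "__main__":
    root = b"\x01" * 32  # constructed sample root key
    print("genuine chain:", boot(root, build_genuine_images(root)))
    print("tampered, root unknown:", tampered_stage_without_root(root))
    print("tampered, root exposed:", tampered_stage_with_root_exposed(root))
```

The detection lesson is the asymmetry between the last two runs: when the root is unknown, the failure is visible at the earliest stage that checks it; when the root is exposed, the boot log looks identical to a genuine one, so monitoring that relies on the chain's own verification results has nothing to alert on.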


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/Q1ioFgpK0n0/intel-csme-vulnerability.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Intel 6314 31 755 708 45 1539