Intel announced a vulnerability in its processors that affects most PC’s and servers sold within the last 2-3 years. This elevation of privilege flaw is considered “important” and impacts Intel’s 6th, 7th & 8th Generation Intel® Core™ Processor Family as well as some Xeon, Atom and Celeron processors. A successful attacker could “load and execute arbitrary code outside the visibility of the user and operating system.” That’s not good, as no antivirus would be able to catch it.
Ars Technica states, “Most of the vulnerabilities require physical access to the targeted device, but one allows remote attacks with administrative access.” (The computer would have to be configured to allow remote access, and the attacker would have to know the administrator’s user name and password.) The US computer Emergency Readiness Team (US-CERT) is recommending businesses check for the vulnerability and update as soon as possible. The fix will be a firmware update that is available on your PC manufacturer’s website.
Dell has acknowledged that more than 100 systems have been affected. Lenovo also has a large number of vulnerable units. Here are vulnerability lists for Acer and Fujitsu. HP doesn’t seem to have a list of vulnerable PC’s on its website. However, one of our techs was able to update his HP laptop to fix the issue. That firmware was released Oct 17, 2017. This suggests a responsible and coordinated disclosure–first to the vendor, then to the manufactures, lastly to the public. We know the above lists are long. Here’s an easier way to check…
How Do I Check for the Intel Vulnerability?
- Download the INTEL-SA-00086 Detection Tool here: https://downloadcenter.intel.com/download/27150
- Scroll down to the button “SA00086_Windows.zip”
- Save the zipped file to your PC
- Extract the file (right-click > Extract All…)
- Navigate to the DiscoveryTool.GUI folder and double-click the Intel-SA-00086-GUI Application file (it has the Intel icon).
The tool will run and let you know if your PC is vulnerable or not.
My PC Is Vulnerable. How Do I Fix It?
Some PC’s come with manufacturer’s update software pre-installed. See if any of these programs are installed, then run them:
- Dell Update Application
- HP Support Assistant
- Lenovo System Update
If they don’t provide an update that mitigates the vulnerability, check your manufacturer’s support website. Locate your model. Look for driver updates. Try to find any updates for Chipset that might allude to Intel Management Engine or “ME” firmware update.
Once you’ve installed the update, run the INTEL-SA-00086 Detection Tool again. Here’s hoping you get this result: