How many operating systems are running on your Intel machines? Probably more than you might think. There’s the BIOS/UEFI system used to boot most systems, for starters, which is essentially an operating system. And then, of course, there’s the main operating system most users are familiar with including Windows or Linux.
Underneath the hood of most new Intel processors is another operating system called the Intel Management Engine (ME). It has at least 11 major security flaws in it according to this report.
At this point, the ME issue affects the 6th, 7th, and 8th Generation Intel Core family; the Xeon Processor E3-1200 v5 and v6 family; the Xeon Processor Scalable family; the Xeon Processor W family; the Atom C3000 Processor family; the Apollo Lake Intel Atom Processor E3900 series; the Apollo Lake Intel Pentium series; and the Celeron N and J series.
Intel has provided a detection tool for Windows and Linux that will indicate whether a chip has the identified issues. Fixes have been released by Intel through a number of vendors whose BIOS/UEFI updates address the problem. There is also an undocumented process for disabling ME.
Flaws in firmware or software are not uncommon, but ME has been an issue because it is essentially hidden. It’s actually a version of the MINIX operating system plus applications for managing the chips services. Researchers had warned about problems with ME, as well as Intel’s approach to using it in chips, for a number of years.
ME is not the only security platform at issue for Intel. Its Active Management Technology (AMT), found on the Pro version of chips, provides remote management support that bypasses any running operating system. There are flaws in that as well. Firmware updates can address many of these issues, but, like the ME issues, users must identify the problems and install the appropriate firmware updates. This is usually impossible from