2023: Russian Computer Incident Tracking Center warns of dangerous vulnerability to data centers on Intel processors
The National Computer Incident Coordination Center (NCCC) has sent out warnings about a dangerous vulnerability (CVE-2023-31273) in Intel Data Center Manager (DCM) technology up to version 5.2, which allows arbitrary code to be executed on a remote system. Hazard assessment according to the CVSS 10 out of 10 classification, which indicates the ease of operation and the possibility of remote code execution. The vulnerability description says: "Incorrect use of security mechanisms" without disclosing details, and the NIST database states the following:
This vulnerability is currently being analyzed, and not all information is available. Please check back soon to view the full vulnerability summary. |
Intel DCM is a real-time tool for collecting data from thermal sensors installed on motherboards without deploying an expensive backup infrastructure using intelligent power distribution units. In particular, the technology is used in StruxureWare for Data Centers 2.0 by Schneider Electric, a fairly popular manufacturer of equipment for data centers in Russia. Monitoring and managing hardware with Intel DCM reduces the number of emergency power outages, but allows remote code execution.
Intel has released an update that fixes the vulnerability, but it is not available to Russian users - the company refuses to work with Russian customers. NCCCA recommendations are as follows:
This vulnerability is fixed by the official patch of the vendor. Due to the current situation and the imposed sanctions against the Russian Federation, we recommend installing software updates only after assessing all associated risks. |
So far, no information has been received about the exploitation of this vulnerability. There is also no information about the presence of exploits for it, however, it is worth providing an action plan in the event of attempts to exploit this vulnerability. If your company uses Intel DCM, it is recommended that you increase control over its behavior and upgrade to secure versions if possible.
2021: Holes in Intel processors allow you to seize control of a device
At the end of March 2021, it became known about new vulnerabilities in Intel processors that allow you to seize control of the device. Positive Technologies specialists Mark Ermolov and Dmitry Sklyarov and independent information security researcher Maxim Goryachy spoke about their find.
According to experts, undocumented capabilities allow you to modify the microcode and gain control over the processor and the entire system. Instructions can be activated remotely. But this is possible only in a special mode of operation of Red Unlock processors. Only Intel engineers should have access to it, Yermolov said.
In theory, the vulnerabilities found can be exploited by any attacker with the necessary information, Alexander Bulatov, commercial director of RuSIEM, told the publication. In this case, the hacker will receive a whole set of capabilities to manage the compromised system.
This can be both the simplest forced shutdown of the device, and flashing the processor with microcode that secretly performs certain tasks of the attacker, "Bulatov explained. |
Devices on the Intel platform, which is installed in netbooks, tablets, POS terminals and cash registers, were at risk. However, experts believe that similar undocumented capabilities can be present in all current Intel processors, which poses a serious potential threat.
The Intel solutions that led to the discovered instructions were not described in any documentation, Positive Technologies said. Some experts suggest that the company could create a backdoor, that is, provide for the ability of the processor manufacturer to gain hidden access to the user's system, bypassing security settings.[1]
2018
Intel offers up to $250,000 for vulnerabilities found in its products
Intel has launched a public reward program for vulnerabilities found in its software and hardware products, allowing it to receive up to $250,000 for a problem found. The company announced this in a press release[2][3].
Previously, Intel has already launched such programs, but participation in them was strictly limited. The new program, which will be held on the HackerOne platform, is available to everyone. Any security researcher with a HackerOne account will now be able to look for vulnerabilities in a number of Intel products, such as processors, chipset codes, SSDs, motherboards, network cards and their corresponding firmware, as well as OS-level drivers and applications. Depending on the danger of the problem found, researchers can receive from $500 to $250 thousand.
In fact, Intel has launched two vulnerability search programs at once. One of them is focused on finding common security problems and provides for a reward in the amount of $500 to $100 thousand. The second is a reward program for finding vulnerabilities that allow an attack on third-party channels. Researchers will be able to earn from $5 thousand to $250 thousand. This program is valid until December 31, 2018.
Disclosure of processor vulnerabilities to Chinese earlier than US authorities
At the end of January 2018, it became known that Intel notified some of its customers about processor vulnerabilities earlier than the American government.
According to The Wall Street Journal (WSJ), citing people familiar with the situation, among those who received information from Intel earlier than others were Chinese technology companies, including Lenovo and Alibaba Group.
Experts in the field interviewed by the publication cyber security fear that secret data could have come to the Chinese government before public publicity. However, there is no evidence that anyone abused information related to Intel products, the researchers note.
Since the vulnerabilities found can be used to collect confidential data from the cloud, information about them can be of great interest to any intelligence services, says former National Security Agency employee Jake Williams, who heads the information security company Rendition Infosec.
According to him, "mail for sure" Beijing knew about the conversations of Intel and Chinese technology partners, because the authorities constantly monitor this kind of interaction.
In addition to Chinese customers, the group of companies that Intel warned about vulnerabilities in the first place included American Amazon, Microsoft and British ARM Holdings.
Intel was supposed to make a public statement about the vulnerabilities on January 9, 2018, but the information got into the media a week earlier. Because of this, the company was unable to inform everyone it wanted in time, including the US authorities, an Intel spokesman explained to WSJ.
The company also said that a few months before the release of the data, Intel worked with Google, as well as with "key" computer manufacturers and cloud service providers to fix vulnerabilities.[4]
2017: Processor errors
Several processor series Intel have identified an error that leads to the "fall" of systems under the control Windows of and. [ Linux[5] affects the Kaby Lake, Skylake, Xeon v5, Xeon v6 series processors and some processor models Pentium and Core X v6.
F-Secure researchers have identified a serious problem with Intel Active Management Technology that can allow attackers to bypass local authorization tools on Intel-based laptops. Experts note that half a minute is enough to exploit this vulnerability and no specialized knowledge will be required. More on the incident here
2016: "Hole" in x86 chipsets, giving access to RAM and sending data over the Internet
On June 17, 2016, it became known that there was a hidden vulnerability in computers with Intel x86 processors. Thousands of PCs with Intel processors contain a hidden mechanism that cannot be verified[6]
This vulnerability is capable of providing access to RAM and sending data over the Internet, bypassing any firewalls. Users can only hope for the decency of Intel, which implemented this function, and believe in the ignorance of cybercriminals.
Damien Zammit, an independent researcher and developer, told the community about the vulnerability contained in a large number of personal computers with Intel x86 processors, which hackers can start exploiting at any time.
The problem is in Intel chipsets of the last few generations. It is a microcontroller that acts separately from the central processor, called the Intel Management Engine (Intel ME). Some foreign publications have described this component as an "enormous hole," given the possibilities it can offer attackers.
Intel ME is a separate microcomputer that controls the central processing unit (CPU). It runs its own firmware independently of the CPU and is able to continue to function even if the system is in "standby mode" - when power is supplied only to RAM.
In some chipsets, Intel ME is used to implement Intel Active Management Technology (AMT), which allows system administrators to remotely control personal computers. For this purpose, the microcontroller is directly connected to RAM and can access any of its areas without the knowledge of the operating system. The microcontroller has its own TCP/IP server and can exchange network packets through the network adapter of the computer with a remote server, bypassing any firewalls installed on the computer.
The Intel ME microcontroller cannot be accessed and there is no way to disable it. There is no way to check its firmware and what it is doing. And if there is a vulnerability in it, it cannot be fixed.
If attackers use this component, their actions will be invisible, since no software tool can detect malicious activity due to the inaccessibility of the microcontroller for the operating system.
Microcontroller safety is based on the principle of "safety through obscurity." That is, it cannot be compromised, because no one (except Intel) knows how it works. At the same time, the device has almost unlimited uncontrolled rights.
Despite the fact that the firmware is protected by a 2048-bit RSA encryption key, the researchers were able to hack early versions of chipsets with an Intel ME microcontroller and gain partial control over the embedded software. Damien Zammit, independent researcher and developer |
2015: There is a vulnerability in Intel x86 processors
On August 10, 2015, it became known that Intel processors on the x86 architecture had a vulnerability that allowed hackers to install "eternal" viruses on computers[7].
The vulnerability has existed for 18 years.
A defect in the Intel x86 architecture allows attackers to place a rootkit in the firmware of personal computers and gain unlimited access to the system, Christopher Domas, an analyst at the Battelle Memorial Institute, said at the Black Hat conference.
A vulnerability in the x86 architecture appeared back in 1997, but was discovered 18 years later.
BIOS Update
It allows an attacker to gain access to the System Management Mode (SMM) processor mode implemented in Intel chips. SMM mode provides the program with the highest possible access in the system (above any level of access in the OS, since SMM mode is at a lower system level). In SMM mode, a hacker can reset the BIOS to zero, disrupting the PC, or inject malicious code into the firmware of a personal computer.
Introduction of "eternal" viruses
This code can then be used, for example, to recover a remote virus. The malicious program can settle on the computer forever, and the user will not be able to understand where the "infection" comes from.
Domas tested only Intel chips for the vulnerability, but noted that AMD its presence is also possible in processors, since they have the same architecture.
Patch from Intel
According to the researcher, he notified Intel about the problem and it fixed the error in the latest generation processors. The company has released a patch for chips from previous generations. However, it is not able to "cure" all processors.
But in order to carry out an attack, a hacker must first obtain administrator rights in the system. That is, the vulnerability itself does not allow access to the computer initially, but helps to disguise the virus already placed in it.
The work of other researchers
Previously, the security of the basic components of computing systems has repeatedly come into question. So, in March 2015, researchers Xeno Kovah and Corey Kallenberg at the CanSecWest conference in Vancouver, Canada, demonstrated the ability to remotely reflash the BIOS of personal computers by placing malicious code in its software.
Notes
- ↑ Black Code: Two critical vulnerabilities found in Intel processors
- ↑ Expanding Intel's bug bounty program: new side channel program, increased awards
- ↑ Intel offers up to $250,000 for vulnerabilities found in its products
- ↑ Intel Warned Chinese Companies of Chip Flaws Before U.S. Government
- ↑ https://www.bleepingcomputer.com/news/hardware/no-windows-fix-just-yet-for-the-intel-bug-that-crashes-cpus/ No Windows Fix Just yet for the Intel Bug That Crashes CPUs] The issue
- ↑ A "huge hole" has been detected in computers with Intel processors.
- ↑ An architectural defect in Intel processors gives hackers full access to the system