Intel processor vulnerability detection tool

Intel Processor Vulnerability Detection Tool Intel-SA-00086 is an NTEL-SA-00086 detection tool that will help detect the security vulnerabilities described in INTEL-SA-00086. The first is an interactive GUI tool that can discover the hardware and software details of the device and provide a risk assessment. This version is recommended for local system evaluation. The second version of this tool is a console executable that saves discovery information to the Windows* registry and/or XML file.

Software description

This version is more convenient for IT administrators who wish to perform batch discovery on multiple machines to find systems as targets for firmware updates. SA00086_Linuxtar.gz - For Linux* users this version of the tool is a command line executable that will display a risk assessment of the system being tested. NOTE: Versions of the INTEL-SA-00086 detection tool earlier than 1.0.0.146 do not check for CVE-2017-5711 and CVE-2017-5712. These CVEs only affect systems with Intel Active Management Technology (Intel AMT) versions 8.x-10.x. Users of systems using Intel AMT 8.x-10.x are encouraged to install version 1.0.0.146 or later to help verify the status of their systems with respect to the INTEL-SA-00086 security advisory.

Intel processor ME management engine security vulnerability

Some time ago, researchers discovered that the management engine "ME" used by Intel's processors in recent years is actually a complete mini operating system MINIX, which has Ring -3 level of supreme authority and is running even when it is shut down. It is equivalent to a mini kingdom independent of the computer system. However, Intel has never disclosed relevant information to the outside world.

Researchers are worried that if there are any security risks in such a core system, the threat will be unprecedented and even undefendable. Google has already taken action to try to remove MINIX.

Sure enough, Intel released a security report today, admitting that there are as many as 11 security vulnerabilities in the management engine ME 11.0.0-11.7.0 version, the trusted execution engine TXT version 3.0, and the server platform service SPS version 4.0 in the processors of the past three years, and the environment being exploited is MINIX!

These vulnerabilities affect many processor models, including:

- Sixth generation Core Skylake, seventh generation Core Kaby Lake, eighth generation Core Coffee Lake series

- Xeon E3-1200 v5/v6 series

- Xeon Scalable series

- Xeon W series

- Atom C3000 series

-Apollo Lake Atom E3900 Series

-Apollo Lake Pentium series

- Celeron N/J series

These vulnerabilities can be used to load and execute arbitrary code, which can cause system instability or even crash in related PCs, servers, and IoT devices. Moreover, the entire attack process is invisible to the operating system and users, which means it is impossible to defend!

In addition, although most vulnerabilities need to be exploited locally, because the ME management engine also supports AMT active management technology, the possibility of remote attacks is also very high.

Intel also announced a detection tool that can help Windows and Linux users detect whether their processors are affected.