[SingCERT] Advisory on Intel Firmware Vulnerabilities
Published on 23 Nov 2017 | Updated on 16 Mar 2022
Background
Intel manufactures processors that reside in computers and other devices. These processors execute instructions which will then perform specific actions.
On 20th November 2017, Intel announced security vulnerabilities (CVE-2017-5705 to CVE-2017-5712) in Intel Core processors manufactured from 2015 onwards. These vulnerabilities could lead to remote code execution (RCE) on certain PCs, servers, and Internet-of-Things (IoT) platforms.
Affected products include:
Impact
A successful exploit could allow attackers to remotely execute arbitrary code to perform a variety of malicious tasks such as gain access to privileged system information, cause system instability, as well as obtain sensitive information.
Recommendations
SingCERT recommends users to install and update affected products to the latest firmware as soon as possible.
References
https://arstechnica.com/information-technology/2017/11/intel-warns-of-widespread-vulnerability-in-pc-server-device-firmware/
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
https://www.intel.com/content/www/us/en/support/articles/000025619/software.html
On 20th November 2017, Intel announced security vulnerabilities (CVE-2017-5705 to CVE-2017-5712) in Intel Core processors manufactured from 2015 onwards. These vulnerabilities could lead to remote code execution (RCE) on certain PCs, servers, and Internet-of-Things (IoT) platforms.
Affected products include:
- 6th (Skylake), 7th (Kaby Lake) & 8th (Kaby Lake-R and Coffee Lake) Generation Intel® Core™ Processor Family
- Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
- Intel® Xeon® Processor Scalable Family
- Intel® Xeon® Processor W Family
- Intel® Atom® C3000 Processor Family
- Apollo Lake Intel® Atom Processor E3900 series
- Apollo Lake Intel® Pentium™
- Celeron™ N and J series Processors
Impact
A successful exploit could allow attackers to remotely execute arbitrary code to perform a variety of malicious tasks such as gain access to privileged system information, cause system instability, as well as obtain sensitive information.
Recommendations
SingCERT recommends users to install and update affected products to the latest firmware as soon as possible.
- To find out the details pertaining to your processor, visit https://www.intel.com/content/www/us/en/support/articles/000006059/processors.html.
- To identify your processor's generation, visit https://www.intel.com/content/www/us/en/processors/processor-numbers.html.
- Check with your respective computer's manufacturer for the latest firmware updates.
References
https://arstechnica.com/information-technology/2017/11/intel-warns-of-widespread-vulnerability-in-pc-server-device-firmware/
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
https://www.intel.com/content/www/us/en/support/articles/000025619/software.html
