Intel just patched a critical flaw in its CPUs

Intel has just patched a critical vulnerability in its vPro processors, and worryingly this flaw has existed for no less than seven years.

To be precise, the problem is an escalation of privilege vulnerability in Intel’s Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology firmware – a bug which could be leveraged by an attacker to gain full control over a computer, then install malware or take other nefarious actions.

The average user needn’t worry about this, as it doesn’t affect Intel’s CPUs aimed at consumers, but business users with PCs or servers running vPro processors and utilising Intel’s AMT service have apparently been open to exploit for the best part of a decade.

The company said the problem affected Intel’s manageability firmware from version 6.x through to 11.6, but not versions before or after these.

Core of the matter

Those running any of these versions of Intel’s manageability firmware should ensure that their system is patched pronto, following the instructions Intel gives here.

These details show you how to find out if your PC is affected, and if it is, you’ll need to check with your computer manufacturer for updated firmware – or if the latter isn’t ready yet, use the mitigations Intel advises.

As Ars Technica reports, there has apparently been some debate in the security community about whether leveraging this flaw may require other conditions – such as having Local Manageability Service software running, as well as the aforementioned requirements – but it isn’t really clear whether this is the case or not.

At any rate, this is certainly a potentially very serious vulnerability which should get your full attention until it’s resolved one way or another.

TOPICS

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).

Latest in Pro
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
A person holding out their hand with a digital AI symbol.
AI is booming — but are businesses seeing real impact?
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Latest in News
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa Devices, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does
Nintendo Virtual Game Card
Nintendo reveals the new Virtual Game Card feature, an easier way to manage your digital Switch games
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA