Intel Warns of Critical Info-Disclosure Bug in Security Engine

[Mohammad.Poorya]

A critical security bug in the Intel Converged Security and Manageability Engine (CSME) could allow escalation of privilege, denial of service or information disclosure.

The details are included in a bug advisory that in total covers 77 vulnerabilities, 67 of which were found by internal Intel staff. The silicon giant has rolled out firmware updates and software patches to address these, which range in severity from the one critical flaw to a low-severity local privilege-escalation issue.

The affected products are: Intel CSME, Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Platform Trust Technology (PTT) and Intel Dynamic Application Loader (DAL).