Intel has released a detection tool to determine whether the host system’s CPU is vulnerable to the security exploit defined in Intel’s Management Engine. The company launched a Management Engine “critical firmware update” (SA-00086, available here, alongside the tool) with a utility that checks 6th, 7th, and 8th Generation Core series CPUs – everything dating back to Skylake, basically – for vulnerabilities exposed through the integrated MINIX operating system. Intel’s version of the Minix OS, originally built for educational purposes by Andrew Tanenbaum, operates on Ring level -3 (negative, as in: you have no access) on the CPU, with the vulnerability present on all Skylake, Kaby Lake, and Coffee Lake PCHs.
Intel’s firmware update addresses the following CPU families, and should be installed immediately:
- 6th, 7th, and 8th generation Intel® Core™ Processor Family:
- Intel® Xeon® Processor E3-1200 v5 and v6 Product Family
- Intel® Xeon® Processor Scalable Family
- Intel® Xeon® Processor W Family
- Intel Atom® C3000 Processor Family
- Apollo Lake Intel Atom® Processor E3900 series
- Apollo Lake Intel® Pentium® Processors
- Intel® Celeron® N and J series Processors
The SA-00086 detection tool works on both Windows and Linux, and will tell you if you’re presently vulnerable to exploits.
In related news, users of Gigabyte motherboards may now download an emergency security patch that should help protect Gigabyte users from Intel’s incompetence. Other vendors will soon follow.
Editorial: Steve Burke
Thanks for the tip, “Liquidpaper.”