Intel ME Manufacturing Mode Vulnerability
This content has been archived
This article no longer conforms to NHS Digital's standards for cyber alerts and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.
Summary
Affected platforms
The following platforms are known to be affected:
- Intel Core Processor - 8th Generation and earlier
- Intel Xeon Processor E3-1200 Family - Version 5 and 6
- Intel Xeon Processor Scalable Family - All versions
- Intel Xeon Processor W Family - All versions
- Intel Pentium Processor G Series - All versions
- Intel Atom C3000 Processor Family - All versions
- Intel Atom Processor Apollo Lake E3900 series - All versions
- Intel Pentium Apollo Lake Series - All versions
- Intel Celeron Processor - G, N and J Series
Threat details
The Intel Management Engine (ME) includes a set of tools, collectively referred to as 'Manufacturing Mode', that are used to configure and test the processor during the manufacturing process. Manufacturing Mode allows access to critical platform settings, including those for BootGuard (the digital keys used by the ACM and UEFI modules), OEM public keys and UEFI memory override protections. Other security settings are only initialised once Manufacturing Mode has been closed, meaning that an affected processor does not have even basic protections in place.
A local attacker could use these tools to load an older, more vulnerable version of the ME firmware onto an affected device and then exploit that version to gain control of the device.
At the time of publication, only Apple devices have been found to have CPUs with Manufacturing Mode enabled, although it is highly likely that other OEMs will be affected.
Remediation steps
| Type | Step |
|---|---|
| | Apple addressed this vulnerability in their June 2018 macOS security update. Users and administrators are encouraged to apply this update immediately. The researchers who discovered the vulnerability have produced code to detect vulnerable Intel processors; this can be found on their GitHub page. |
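The researchers' detection code is not reproduced here. As an added example (not the advisory's or the researchers' code), the following Python check reads the ME Host Firmware Status register 1 (HFSTS1) from the MEI device's PCI configuration space and reports whether the Manufacturing Mode flag is set. It assumes the MEI device sits at 0000:00:16.0, that HFSTS1 is at config offset 0x40 and that bit 4 is the Manufacturing Mode flag, following the publicly documented register layout used by open-source ME status tools.

```python
import struct

# Assumptions (not stated in the advisory): HFSTS1 is exposed at offset 0x40 of
# the MEI/HECI device's PCI config space (commonly 0000:00:16.0 on client
# platforms), and its bit 4 is the Manufacturing Mode flag, as in the publicly
# documented layout used by tools such as coreboot's intelmetool.
MEI_CONFIG_PATH = "/sys/bus/pci/devices/0000:00:16.0/config"
HFSTS1_OFFSET = 0x40


def decode_hfsts1(value: int) -> dict:
    """Decode the HFSTS1 fields relevant to this check from a 32-bit value."""
    return {
        "working_state": value & 0xF,                   # bits 0-3
        "manufacturing_mode": bool((value >> 4) & 1),   # bit 4
        "fpt_bad": bool((value >> 5) & 1),              # bit 5: flash partition table bad
        "fw_init_complete": bool((value >> 9) & 1),     # bit 9
        "operation_mode": (value >> 16) & 0xF,          # bits 16-19
    }


def read_hfsts1(config_path: str = MEI_CONFIG_PATH) -> int:
    """Read HFSTS1 from the MEI device's PCI config space (root needed on Linux,
    since unprivileged reads of config space are limited to the first 64 bytes)."""
    with open(config_path, "rb") as f:
        f.seek(HFSTS1_OFFSET)
        raw = f.read(4)
    if len(raw) != 4:
        raise OSError("short read of HFSTS1 at offset 0x40; run as root")
    return struct.unpack("<I", raw)[0]


def assess(value: int) -> str:
    """Return a one-line verdict for an HFSTS1 value."""
    if value == 0:
        # An all-zero register usually means an unprivileged read or no ME device.
        return "INCONCLUSIVE: HFSTS1 read as zero (run as root; ME may be absent)"
    if decode_hfsts1(value)["manufacturing_mode"]:
        return "VULNERABLE: Manufacturing Mode is still open (HFSTS1 bit 4 set)"
    return "OK: Manufacturing Mode is closed"


if __name__ == "__main__":
    try:
        v = read_hfsts1()
    except OSError as e:
        raise SystemExit(f"unable to read HFSTS1: {e}")
    print(f"HFSTS1 = 0x{v:08x}")
    print(assess(v))
```

The sample values in the test below are constructed; on a real system the script must run as root on Linux and the MEI device may be at a different address or disabled entirely.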
Last edited: 17 February 2020 12:45 pm