Skip to main content

Researchers find vulnerability in older versions of Intel ME, but you probably don't need to worry

8th gen intel core launch building 01
Image used with permission by copyright holder
According to security researcher Damien Zammit, there’s possibility that computers based on recent x86-based processors from Intel could be unknowingly compromised. The good news, however, is that there’s no known exploit currently in use, so don’t panic just yet.

Most general consumers purchasing Intel-based desktops and laptops have no clue that a special 32-bit ARC microprocessor is built inside Intel’s supporting motherboard chipset. It’s part of the Intel Management System (ME), and acts like a standalone, independent “computer” that controls the Intel x86 processor. Its main focus is big enterprise deployments, so that multiple systems can be managed remotely.

That said, ME is invisible in regards to the overall system setup, and in some cases includes Intel’s Active Management Technology (AMT) so that it can continue to perform no matter what operating system is installed. Thanks to AMT, the ME system can sneak past the x86 Intel processor and access any region of the system memory. It also runs its own TCP/IP server, which is capable of bypassing an installed firewall to send and receive packets. The ME system cannot be disabled by the installed operating system or x86-based firmware, especially on systems that are newer than the Intel Core 2 processor series.

Thus, because Intel-based systems essentially depend on ME to boot, the ME firmware is verified by a boot ROM that’s secretly embedded in the Intel chipset. This process matches the public key’s SHA256 checksum with one provided by the factory, and then verifies the RSA signature of the firmware payload, a process that can’t be bypassed. The ME firmware is cryptographically protected with RSA 2048. If the ME firmware is not present or somehow becomes corrupted, the system will either shut down right after booting, or will refuse to boot altogether.

So, the big stink regarding Intel’s ME system is that researchers reportedly managed to exploit weaknesses in the firmware, enabling them to take partial control of ME installed on early platforms. That means there’s a possibility that attackers can slip under the radar and use a rootkit to quietly gain administrative access to an Intel-based computer. But this possibility is theoretical, and the research only applies to an older version of Intel ME.

“Personally, I would like if my ME only did the most basic task it was designed for, set up the bus clocks, and then shut off,” writes Damien Zammit. “This way, it would never be able to talk out of the network card with some of my personal data.”

At its heart, this controversy is about a difference in opinion about security best practices. Intel’s ME takes a locked-down approach. Only the company knows how it works. That makes it harder to attack, but it also makes it harder to mitigate the possible damage of an attack, and means there’s no way to know — for sure — how it’s working. Zammit supports an open-sourced approach. He believes its “inevitable” that ME will fall to an exploit, and once that happens, it’ll be open season on Intel machines.

However, it’s worth noting that open-source security has a rocky track record of its own. The infamous “Heartbleed” bug, which made it possible to steal information out of the secured OpenSSL protocol, is a good example. In other words, Zammit’s idea that Intel ME would be better off if Intel let others know about its details is an opinion, not a fact.

So, if you have an Intel processor, don’t worry. There’s no known exploit being used at this time. And not all Intel processors have the chip — only those that support vPro functionality include it.

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
HP Envy deals: HP’s most popular laptop starts at $630
An HP Envy 17-inch laptop sits on an office desk.

A great computer brand to shop if you’re in the market for a new laptop is HP, which is consistently among the best laptop brands. It has several different model lineups to choose from, with the HP Envy laptop lineup offering a good balance of hardware options and pricing. The HP Envy lineup is also a good one to shop because it regularly turns out some impressive laptop deals. That’s certainly the case right now, as there are a lot of HP Envy deals to shop. We’ve rounded up what we feel are the best HP Envy deals currently taking place, so read onward for more information on how to land some savings.
HP Envy x360 2-in-1 laptop 15Z-FH000 — $630, was $900

The HP Envy x360 convertible laptop is a great option for just about anyone, particularly anyone who enjoys the touchscreen functionality of a tablet. It’s well designed and super slim, making it a truly go-anywhere device. Despite its portability, it still has an immersive 15.6-inch touchscreen that’s great for creators, note-takers, and binge watchers. Top notch build quality and durability, fast charging technology, a fingerprint reader, and great battery life round out the top features of the HP Envy x360 convertible touchscreen laptop. It competes well with the best 2-in-1 laptops. Its versatility and all-around capability make it a worthy companion on any desk, and on any lap.

Read more
Best Surface Laptop and Surface Pro deals: From $450
Microsoft Surface Go 3 sitting on table.

If you want a thin and light laptop that's similar to the MacBook Air but not in the Apple ecosystem, then the Microsoft Surface lineup of laptops is absolutely the way to go. In fact, if you've seen the recent unwrapping of the business version of the Surface Pro 10 and Surface Laptop 6, you might be fired up and ready to grab your own surface. Unfortunately, the Surface lineup can be quite expensive, which is why we've gone out and scoured the retailers for the best deals we could find and collected them below. So, be sure to check out everything, as well as some of these other great laptop deals if you aren't fully committed to the Microsoft Surface lineup.
Microsoft Surface Go 3 -- $450, was $550

Functioning as a 2-in-1 laptop that can switch between tablet mode and laptop mode, the Microsoft Surface Go 3 won't have trouble dealing with basic tasks as it's equipped with the Intel Pentium Gold 6500Y processor and 8GB of RAM. The 10.5-inch touchscreen with 1920 x 1080 resolution is bright and colorful, and its 128GB SSD is more than enough for your documents. The Microsoft Surface Go 3 ships with Windows 11 Home in Mode, so you can start using it as soon as you unbox it. The device also promises up to 11 hours of battery life before requiring a recharge.

Read more
Best GPU deals: MSI, XFX, EVGA
An AMD graphics card in an external GPU enclosure.

If you're building a new PC from scratch, or upgrading an old one, then a new GPU is probably one of the biggest upgrades you can make, at least if you're looking for great gaming performance. Unfortunately, the last generation of RTX 40-series cards really amped the prices up, and even if you're going for AMD, you're going to be paying a pretty penny to get your hands on a good GPU. That said, there are some good deals to be had; whether you want something budget-friendly or high-end, you can always put that extra money you save into more RAM or a better CPU. Also, be sure to check out some of these gaming PC deals if you'd rather just grab something already pre-built.
MSI AMD Radeon RX 6500 XT Mech 2X 4GB GDDR6 -- $175, was $190

If you're looking for something that is ultra-budget, then this RX 6500 XT is a good option in the lower range and should let you handle at least some of the main free-to-play games like CS:GO and Rocket League, although you will have to play with graphical compromises. It should also handle indie and casual games, especially older ones like the ones you might find on emulators, so it's also a good option for that sort of budget build. the 4GB of VRAM is not a lot, but again, if you're not planning to play any modern AAA or AA games, then this isn't a bad option.

Read more