Skip to main content
  1. Home
  2. Computing
  3. News

Uh-oh! There’s an unfixable security vulnerability in Intel processors

Add as a preferred source on Google

A security issue that could affect almost all Intel processors released in the last five years has been discovered. Researchers at the security firm Positive Technologies found an error in a system called the Intel Converged Security and Management Engine (CSME), as well as in the hardware of the chips themselves.

The CSME system is used in a large number of processes on the chips, including initial authentication, and is the basis for various hardware security technologies used on Intel chipsets. It may be impossible to fully secure against this vulnerability.

Recommended Videos

“This vulnerability jeopardizes everything Intel has done to build the root of trust and lay a solid security foundation on the company’s platforms,” the researchers wrote in a blog post. “The problem is not only that it is impossible to fix firmware errors that are hard-coded in the Mask ROM of microprocessors and chipsets. The larger worry is that, because this vulnerability allows a compromise at the hardware level, it destroys the chain of trust for the platform as a whole.”

Security researcher Mark Ermolov gave more details about the vulnerability in a statement: “The vulnerability resembles an error recently identified in the BootROM of Apple mobile platforms, but affects only Intel systems. Both vulnerabilities allow extracting users’ encrypted data.

“Here, attackers can obtain the key in many different ways. For example, they can extract it from a lost or stolen laptop in order to decrypt confidential data. Unscrupulous suppliers, contractors, or even employees with physical access to the computer can get hold of the key. In some cases, attackers can intercept the key remotely, provided they have gained local access to a target PC as part of a multistage attack, or if the manufacturer allows remote firmware updates of internal devices, such as Intel Integrated Sensor Hub.”

Intel has issued a patch to mitigate the issue, which should make it harder for hackers to take advantage of the vulnerability. However, the security issue cannot be completed fixed through software patching. To completely secure against the issue, short of buying a new processor, Positive Technologies recommends disabling Intel CSME-based encryption of data storage devices.

If you are concerned about the security of your Intel chip, there is a page of information and recommendation on Intel’s website that you can check for guidance.

Georgina Torbet
Georgina has been the space writer at Digital Trends space writer for six years, covering human space exploration, planetary…
Microsoft wants Windows 11 and your phone to become best friends
Microsoft's latest plans reportedly focus on making the PC and smartphone experience feel seamless.
Windows 11 PC with Android Phone

For years, Phone Link has felt like that one app everyone knows exists but rarely remembers to open. Microsoft apparently wants to change that. According to a report from Windows Central, the company is working on a major overhaul of how smartphones integrate with Windows 11, making phones feel like a native part of the operating system instead of something users access through a separate app.

Phone Link is coming out of hiding

Read more
What are Copilot+ PCs? Everything you need to know
Copilot

Walk through a laptop aisle in 2026 and the Copilot+ PC branding is highlight for most Windows laptops. From Microsoft's own surface to other PC makers like Samsung, HP, and Dell, you can find notebooks that carry this badge to convey that they are AI-ready. At a glance, the name sounds like it refers to a computer with a better version of the Copilot chatbot, which only explains a small part of it.

A Copilot+ PC is a Windows 11 computer that meets Microsoft’s hardware standard for advanced on-device AI features like a compatible processor with a dedicated NPU. You also need a certain amount of RAM and storage, all of which brings access to Windows features such as Recall, Click to Do, and much more. Many of these experiences use the NPU to process information locally, reducing their reliance on cloud servers and helping them run more efficiently in the background.

Read more
ASUS expands its ProArt lineup with a compact keyboard and a smart creator mouse
The new ProArt KD300 and MD301 are designed to make life easier for designers, editors, and creators.
ASUS ProArt Keyboard KD300 and ProArt Mouse MD301

Creators have long had plenty of powerful laptops and monitors to choose from. Keyboards and mice? Not so much. ASUS is looking to change that with the expansion of its ProArt accessory lineup. Leading the announcement is the new ProArt Keyboard KD300, a compact low-profile keyboard that's designed to work alongside the ProArt Mouse MD301, giving creators a matching desktop setup built specifically for productivity instead of gaming.

A compact keyboard that doesn't sacrifice functionality

Read more