Skip to main content
  1. Home
  2. Computing

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Intel recommends updating to protect processors against critical vulnerability

Monica J. White
By

Researchers found a vulnerability in some Intel processors that allows attackers to access encrypted data and install malicious firmware. When abused, the vulnerability opens the door to break through various security measures on the chip.

Intel is already aware of the issue and advised affected users to download the latest firmware update in order to protect their systems.

intel core i9-11900K
Intel

The vulnerability affects older Intel processors, including Intel Pentium, Celeron, and Atom, which are based on the Gemini Lake, Gemini Lake Refresh, and Apollo Lake platforms. Interestingly, it can only be exploited by hackers in physical possession of the chip — online-only access will not compromise the processor.

Recommended Videos

Due to this security flaw, capable hackers who have the affected chip on hand are allowed to run it in debugging and testing modules that are normally only used by firmware developers. This lets them completely bypass security measures, including Bitlocker and TPM protection, anti-copying blocks, and more.

Related

Accessing developer mode allows the attacker to extract the data encryption key, which on Intel CPUs is normally stored in the TPM enclave. TPM stands for Trusted Platform Module and is a microcontroller used for storing keys, digital certificates, passwords, and other sensitive data. If TPM is being used to protect a Bitlocker key, using the processor in developer mode also lets the attacker breach that final wall of protection.

On top of gaining access to sensitive data, the hacker would also be able to breach the Intel Management Engine and run unauthorized firmware on the chip. The end result could be permanent access to the chip that could potentially go undetected for an undetermined amount of time.

A description of key derivation.
Image credit: Ars Technica Image used with permission by copyright holder

The entire process of gaining access to the processor and overcoming security measures takes just 10 minutes, which means that those with brief access to the chip are able to potentially cause a massive security breach in a very short time.

This vulnerability was first discovered and reported by researchers Mark Ermolov, Dmitry Sklyarov, and Maxim Goryachy. They reported it to Intel and talked about the vulnerability, revealing further details of the possible breach. Ars Technica then reported the situation in more detail.

“We found out that you can extract this key from security fuses. Basically, this key is encrypted, but we also found a way to decrypt it, and it allows us to execute arbitrary code inside the management engine, extract Bitlocker/TPM keys, etc.,” Goryachy told Ars Technica.

This isn’t the first time Intel products have been targeted by various hacking attempts. In 2020, the same research team found a possible vulnerability that allowed attackers to decrypt several Intel updates. There have also been flaws in the Intel Boot Guard and Software Guard Extensions.

Although Intel admits that the latest discovered vulnerability is dangerous and gave it a high severity rating, there have been no reports of users suffering from this security breach. Intel advises the owners of affected processors to simply install the latest firmware update in order to reinforce the security of their CPUs.

Editors' Recommendations

Topics
Monica J. White
Monica J. White
Computing Writer
Monica is a UK-based freelance writer and self-proclaimed geek. A firm believer in the "PC building is just like expensive…
Intel’s Raptor Lake refresh prices have leaked, and hikes are on the way
An Intel processor over a dark blue background.

We're most likely just a couple of weeks away from the release date for the Intel Raptor Lake refresh, and while Intel itself hasn't said much about it, interesting tidbits of information leak out pretty frequently. Today, we got a good look at what might be the pricing of almost the entire lineup. And it looks like price increases are coming, however minor they may be.

We expected that a price hike was likely for the Raptor Lake refresh, and that's exactly what seems to be happening. As per a tip sent to VideoCardz, the majority of the 14th-Gen lineup appeared briefly at a Canadian retailer known as Canada Computers. While the CPUs weren't listed, they could be found by searching for the product names, and that gives an idea of what to expect. Keep in mind that these prices are in Canadian dollars.

Read more
Intel Meteor Lake is coming to desktop, but there’s a big catch
Intel announcing the Meteor Lake release date on Intel Innovation.

It's been a real roller coaster ride with Intel Meteor Lake. First, it was coming to desktops, then it wasn't, then it was, and now ... it isn't, but it is. If you're as confused as we are, don't worry -- Intel has set things straight and we now know that Meteor Lake chips will be available in desktops, but they won't become some of the best processors for desktop PCs, all because they're not socketed.

Intel spoke about the future of its 14th-Gen Meteor Lake chips in a statement made to ComputerBase, revealing that, yes, Intel Meteor Lake will come to desktop PCs, but only all-in-one (AIO) computers like the Intel NUC or small form-factor PCs. It won't be available in socketed form, which means that you won't be able to install it in a future LGA1851 motherboard. In short, Meteor Lake chips are laptop CPUs, through and through.

Read more
The leaks were wrong — Intel Meteor Lake is coming to desktop
Intel CEO talking about Meteor Lake

For months, industry leaks have seemed to confirm that Intel’s Meteor Lake processors won’t be coming to desktop computers. Now, though, Intel has turned that narrative on its head, with the latest info confirming they’ll be launched on PCs after all.

The new information comes from a PCWorld interview with Michelle Johnston Holthaus, Intel’s executive vice president and general manager of the Client Computing Group. PCWorld spoke to Johnston Holthaus at the Intel Innovation 2023 event and managed to wring some previously unknown tidbits out of the VP.

Read more