Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

Intel recommends updating to protect processors against critical vulnerability

Researchers found a vulnerability in some Intel processors that allows attackers to access encrypted data and install malicious firmware. When abused, the vulnerability opens the door to break through various security measures on the chip.

Intel is already aware of the issue and advised affected users to download the latest firmware update in order to protect their systems.

intel core i9-11900K
Intel

The vulnerability affects older Intel processors, including Intel Pentium, Celeron, and Atom, which are based on the Gemini Lake, Gemini Lake Refresh, and Apollo Lake platforms. Interestingly, it can only be exploited by hackers in physical possession of the chip — online-only access will not compromise the processor.

Recommended Videos

Due to this security flaw, capable hackers who have the affected chip on hand are allowed to run it in debugging and testing modules that are normally only used by firmware developers. This lets them completely bypass security measures, including Bitlocker and TPM protection, anti-copying blocks, and more.

Accessing developer mode allows the attacker to extract the data encryption key, which on Intel CPUs is normally stored in the TPM enclave. TPM stands for Trusted Platform Module and is a microcontroller used for storing keys, digital certificates, passwords, and other sensitive data. If TPM is being used to protect a Bitlocker key, using the processor in developer mode also lets the attacker breach that final wall of protection.

On top of gaining access to sensitive data, the hacker would also be able to breach the Intel Management Engine and run unauthorized firmware on the chip. The end result could be permanent access to the chip that could potentially go undetected for an undetermined amount of time.

A description of key derivation.
Image credit: Ars Technica Image used with permission by copyright holder

The entire process of gaining access to the processor and overcoming security measures takes just 10 minutes, which means that those with brief access to the chip are able to potentially cause a massive security breach in a very short time.

This vulnerability was first discovered and reported by researchers Mark Ermolov, Dmitry Sklyarov, and Maxim Goryachy. They reported it to Intel and talked about the vulnerability, revealing further details of the possible breach. Ars Technica then reported the situation in more detail.

“We found out that you can extract this key from security fuses. Basically, this key is encrypted, but we also found a way to decrypt it, and it allows us to execute arbitrary code inside the management engine, extract Bitlocker/TPM keys, etc.,” Goryachy told Ars Technica.

This isn’t the first time Intel products have been targeted by various hacking attempts. In 2020, the same research team found a possible vulnerability that allowed attackers to decrypt several Intel updates. There have also been flaws in the Intel Boot Guard and Software Guard Extensions.

Although Intel admits that the latest discovered vulnerability is dangerous and gave it a high severity rating, there have been no reports of users suffering from this security breach. Intel advises the owners of affected processors to simply install the latest firmware update in order to reinforce the security of their CPUs.

Monica J. White
Monica is a computing writer at Digital Trends, focusing on PC hardware. Since joining the team in 2021, Monica has written…
Not this again: Intel Arrow Lake may have instability issues
A render for an Intel Arrow Lake CPU.

Intel's Arrow Lake is just a couple of days from hitting the market, and we've been inundated with various reports and leaked benchmarks. Today's news doesn't sound good, though. YouTuber Moore's Law Is Dead reports that Arrow Lake, also referred to as Core Ultra 200-S, may have some instability issues -- much like what we've seen Intel battle for months on end with Raptor Lake.

Before we dive in, keep in mind that all of this is yet to be confirmed, and we're mere days away from finding out whether it's true or not. However, it could give some buyers a reason to hold off and read the reviews before preordering the CPUs. Moore's Law Is Dead talked about various reviewers and tech YouTubers who had something bad to say about Arrow Lake's stability. The issues are twofold: A wild discrepancy between benchmarks, and running into crashes.

Read more
Intel’s new Arrow Lake CPUs can still consume a ton of power
Pins on Core i9-12900K.

Intel has made a big deal about the efficiency of its upcoming Arrow Lake CPUs, which are looking to earn a spot among the best processors when they release later this week. Some early benchmark results HXL on X (formerly Twitter) show that the CPUs can still draw a ton of power if you stray from Intel's default power settings, however.

The post, which you can see below, shows the Core Ultra 9 285K peaking at 370 watts of power draw in Cinebench R23's multi-core test. The CPU itself is blacked-out, but you can tell it's the Core Ultra 9 285K from the 24 cores picked up by Cinebench. The Core Ultra 9 285K has a maximum turbo power of 250W, according to Intel, and a base power of 125W.

Read more
I’m worried Intel is making a mistake with Arrow Lake
Someone holding the Core i9-12900KS processor.

For the last several years, every new generation from Intel has felt like a make-or-break moment. Now, with Arrow Lake CPUs, the stakes are even higher. Intel is facing unprecedented financial troubles, and although it still makes some of the best processors, the silicon giant that used to loom over the PC industry isn’t as strong as it once was.

Arrow Lake is yet another major shift. The CPUs kill Intel’s long-standing Hyper-Threading feature. They introduce two new core architectures. And they debut the Core Ultra branding on desktop, along with the new LGA 1851 socket. I’m worried that Intel’s strategy won’t work with Arrow Lake, though.

Read more