An Patch-Uncordable Vulnerability Discovered in Intel Processors

A critical vulnerability has been discovered in all Intel processors developed over the past 5 years, making systems vulnerable to hackers. This vulnerability in processors cannot be corrected by patching.

Security researchers have discovered a vulnerability that cannot be corrected in Intel processors . The vulnerability affects Intel's Unified Security and Management Engine (CSME), which controls system boot, power levels, firmware, and most importantly, encryption functions.

Having its own 486-based CPU, RAM, and boot ROM, CSME is the first thing to work when you start your computer. One of the first things this unit does is to protect its own memory, but there is a short moment when it remains vulnerable. If hackers have local or physical access to a machine, they can attack DMA (direct memory access) to CSME .

With the attack, hardware IDs can be imitated, digital content can be captured and data from encrypted hard disks can be decrypted. Because the boot code and RAM are encoded embedded in Intel's CPUs, the vulnerability cannot be patched without changing the silicon.

If attackers can access CSME's chipset key by executing malicious code  , it can access the basic parts of the operating system along with applications and cause serious damage. This chipset key is not platform specific, and a single key is used for all Intel processors developed over the past 5 years.

It may sound awful, but exploiting this vulnerability requires high technological knowledge, special equipment, and local or physical access to computers. After hackers get inside the system, they can get remote access to the computer .

Copyright © 2020