Despite continuous patches, Intel CPUs keep making the news for one or another vulnerabilities being spotted by researchers. While numerous researchers have highlighted various bugs in Intel’s Management Engine, once again, we heard of similar news. Recently, some researchers discovered a vulnerability that potentially leaked Intel ME encryption keys. Fortunately, Intel has released a patch for the flaw.
Security researchers from Positive Technologies disclosed in a blog post a vulnerability affecting Intel CPUs. Reportedly, they found a bug in the Intel’s data storage component that leaked Intel ME encryption keys.
The Intel MFS (ME File System) stores data after encrypting with any of the four cryptographic keys depending upon the purpose and the sensitivity of the data. Two of these are classified as Intel Keys that include Intel Confidentiality Key and Intel Integrity Key. Whereas, the other two are Non-Intel Keys, including the Non-Intel Confidentiality Key and the Non-Intel Integrity Key.
As explained in the PT blog post, an attacker could easily access both the Non-Intel Keys by exploiting the information disclosure vulnerability in the Intel’s MFS. Describing the findings of Dmitry Sklyarov, a security expert at Positive Technologies, the blog post states,
“He found that Non-Intel Keys are derived from two values: the SVN and the immutable non-Intel root secret, which is unique to each platform. By using an earlier vulnerability to enable the JTAG debugger, it was possible to obtain the latter value. Knowing the immutable root secret enables calculating the values of both Non-Intel Keys even in the newer firmware version.
Attackers could calculate the Non-Intel Integrity Key and Non-Intel Confidentiality Key for firmware that has the updated SVN value, and therefore compromise the MFS security mechanisms that rely on these keys.”
After accessing the Non-Intel Integrity Key, an attacker could easily add or delete files, change protection attributes and bypass the anti-replay mechanisms. While, by exploiting the access Non-Intel Confidentiality Key, the attacker could access the Intel Active Management Technology (AMT) passwords.
This Intel MFS vulnerability has achieved a high severity rating with a CVSS base score of 7.3. Reportedly, the bug affected Intel Converged Security and Manageability Engine (CSME) version 11.21.55 or earlier, Intel Server Platform Services (SPS) version 4.0 and before, and Intel Trusted Execution Engine (TXE) version 3.1.55.
After receiving the report from the researcher, Intel began working out to mitigate the vulnerability. Now, as reported, Intel has released a patch for this flaw. Hence, the users can protect themselves by updating to the latest versions of Intel CSME, Intel SPS, and Intel TXE.
Let us know your thoughts in the comments section.