Dell, Lenovo, HP will patch hundreds of devices affected by Intel's buggy embedded CPU

Computer giants Dell, Lenovo, and HP are in the process of preparing firmware updates to fix the eight flaws in Intel’s embedded CPU found in a variety of its chips. 

Lenovo and Dell have published lists of PCs, laptops and servers affected by Intel’s hidden Management Engine and other bugs affecting Intel Trusted Execution Engine (TXE) and Server Platform Services (SPS). 

Some of the flaws would allow an attacker to run malware on Intel's hidden CPU and remain invisible to the operating system and any security products.

“An attacker could load and execute arbitrary code outside the visibility of the user, operating system, and hypervisor/virtualization platform; resulting in exfiltration of secrets, subtle manipulation of system operation, or denial of service,” Lenovo said in its advisory.

Intel said the firmware vulnerabilities may be present on a number of processor families, including Intel Core, Xeon, Atom, Pentium and Celeron. It also provided a detection tool to help Windows and Linux users identify whether their systems were vulnerable. 

The chip company carried out an audit after researchers from security firm Positive Technologies discovered several bugs in Intel’s closed source ME. Intel disclosed some details about the bugs in an advisory on Monday, noting that PCs, servers and IoT devices could be affected. 

In an update to its original advisory Intel said that its Intel NUC mini PC, Compute Stick, and Compute Card were affected. It plans to provide BIOS updates for these products that customers can download around mid-December, according to an advisory.   

Lenovo's affected systems include ThinkPad and Yoga laptops, several desktops, all-in-one systems, ThinkStation towers, and some data centre equipment. The hardware maker is aiming to provide updates for 138 affected models by Friday, but there are dozens more it has confirmed as affected but does not have a target date for yet.

Dell has provided firmware updates for a number of its PowerEdge servers and says it is “diligently working to update the affected platforms”. 

It has also identified well over a hundred vulnerable products from its PC lineup, including multiple Inspiron models, Alienware computers, Vostro, OptiPlex, and XPS laptops. It has yet to determine when firmware updates will be available but will update the advisory when they are.

HP said in a statement on Wednesday that it had worked with Intel to provide fixes that will be available on its website. 

“Intel has identified a vulnerability in its Management Engine platform that impacts all its OEM partners. HP has worked with Intel to provide fixes for impacted systems that are available on,” the company said.

Acer, Fujitsu, and Panasonic have also provided updates for affected systems.

The updates can be found at Intel’s advisory here.

Stories by Liam Tung