Patchday: Intel closes critical security gap in remote maintenance function BMC

Attackers can exploit several vulnerabilities in Intel firmware and drivers, among other things, to attack PCs. Several security patches have now been released.

The semiconductor manufacturer lists all updates in the security section of its website. There are currently no reports of ongoing attacks.

BMC gaps

The most dangerous is a vulnerability (CVE-2023-25191 “critical”) in the server board BMC firmware. It specifically affects the remote maintenance function of some server mainboards. Attackers should be able to exploit the vulnerability without authentication to gain higher user rights.

In addition to installing the security updates, admins should ensure that such remote maintenance ports are not publicly accessible via the internet. This minimizes the risk of attack. The affected server mainboards and security updates are listed in a warning message. The developers have also closed additional BMC vulnerabilities with the updates.

Further gaps

Vulnerabilities (such as CVE-2023-43758 “high”) in the UEFI firmware for certain Intel CPUs have also been closed. At these points, already authenticated attackers can acquire higher rights.

There are also updates for Intel's Converged Security and Manageability Engine (CSME). Among other things, DoS attacks (CVE-2024-38307 “high”) are possible here. 13th and 14th generation CPUs and graphics drivers also receive security patches.

Intel's System Security Report and System Resource Defense (PPAM) is actually intended to monitor access to the System Management Mode (SMM) as a protective mechanism. However, due to several loopholes, it can now serve as a gateway for attackers.

(des)