As reported by ZDNet:
Thanks to an investigation by third-party researchers into Intel's hidden firmware in certain chips, Intel decided to audit its firmware and on Monday confirmed it had found 11 severe bugs that affect millions of computers and servers.
The flaws affect Management Engine (ME), Trusted Execution Engine (TXE), and Server Platform Services (SPS).
Intel discovered the bugs after Maxim Goryachy and Mark Ermolov from security firm Positive Technologies found a critical vulnerability in the ME firmware that Intel now says would allow an attacker with local access to execute arbitrary code.
[...]
The bugs affect systems using Intel's 6th, 7th, and 8th Generation Core CPUs, a range of Xeon processors, as well the Apollo Lab Atom E3900 series, Apollo Lake Pentium, and Celeron N and J series chips.
Intel says the flaws would allow an attacker to "Impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity".
The attacker could also load and execute arbitrary code that would be invisible to the user and operating system.
Yikes.
Intel has released detection tools for both Windows and Linux that can help you determine just how at-risk your system might be, so good on them, but this is still the second time this week that a breaking story reveals a big company's supposed security measures as making users' systems less secure... and the week's not yet over. Hell, the week's only barely beginning. So much for the news lull that I was expecting.