Intel has issued a security advisory (INTEL-SA-00213) to address multiple vulnerabilities in some Intel products including Intel® Converged Security & Management Engine (Intel® CSME), Intel® Server Platform Services (Intel® SPS), Intel® Trusted Execution Engine Interface (Intel® TXE), Intel® Dynamic Application Loader (Intel® DAL), and Intel® Active Management Technology (Intel® AMT). A potential attacker could possibly exploit the vulnerabilities to elevate the privileges of any users without prior approval from system owners, cause disclosure of information, or trigger denial-of-service.
Successful exploitation of the vulnerabilities could lead to privilege escalation, information disclosure, or system crash on an affected system.
Intel offers the INTEL-SA-00213 Discovery Tool to detect the presence of the vulnerabilities on a system. The Discovery Tool is available at the following URL:
If the system is confirmed affected, system administrators are advised to check with the system OEM/computer manufacturer for the updated firmware and update the firmware to a non-vulnerable version.
Relevant advice/firmware updates of some computer manufacturers are listed below:
The above list is not exhaustive and system administrators should consult product vendors to confirm whether the products are affected and if so, availability of patches and mitigation measures.
Users should always adopt and implement multi-layered defense (e.g. firewall,
anti-malware solution, etc.) to defend the potential attack vectors, either through network or malware, that are deployed to exploit the vulnerabilities.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0089 to (CVE-2019-0094)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0096 to (CVE-2019-0099)