The U.S. government on Tuesday urged businesses to act on an Intel alert about security flaws in widely used computer chips as industry researchers scrambled to understand the impact of the newly disclosed vulnerability, Reuters has reported.
The Department of Homeland Security gave the guidance a day after Intel said it had identified security vulnerabilities in remote-management software known as “Management Engine” that shipped with eight types of processors used in business computers sold by Dell Technologies, Lenovo Group, HP Inc, Hewlett Packard Enterprise and other manufacturers.
For a remote attack to succeed, a vulnerable machine would need to be configured to allow remote access, and a hacker would need to know the administrator’s user name and password, Little said. Attackers could break in without those credentials if they have physical access to the computer, he said.
Intel said that it knew of no cases where hackers had exploited the vulnerability in a cyber attack.
The Department of Homeland Security advised computer users to review the warning from Intel, which includes a software tool that checks whether a computer has a vulnerable chip. It also urged them to contact computer makers to obtain software updates and advice on strategies for mitigating the threat.
Intel spokeswoman Agnes Kwan said the company had provided software patches to fix the issue to all major computer manufacturers, though it was up to them to distribute patches to computers users.
Dell’s support website offered patches for servers, but not laptop or desktop computers, as of midday Tuesday. Lenovo offered fixes for some servers, laptops and tablets and said more updates would be available Friday. HP posted patches to its website on Tuesday evening.
