Intel Management Engine Multiple Security Vulnerabilities Fixed

Chipzilla recently announced more security updates for Intel Management Engine. According to several announcements released, a total of four vulnerabilities have been fixed. Positive Technologies details these bugs, including the 'HTTP handler buffer' numbered CVE-2018-3628. The overflow problem is the most serious.

An attacker on the same network subnet can execute arbitrary code in an Active Management Technology (AMT) environment and access AMT accounts without administrator privileges. This allows a malicious attacker to remotely control the computer.

CVE-2018-3629 is another buffer overflow vulnerability. CVE-2018-3632 is a memory corruption error. Only local attackers with administrator privileges can use it. CVE-2018-3627 also requires administrator privileges. This is Intel Converged. A logic error in Security Management Engine 11.x that can run arbitrary malicious code.