All Intel processors released in the past 5 years contain an unpatchable vulnerability that could allow hackers to compromise almost every hardware-enabled security technology that are otherwise designed to shield sensitive data of users even when a system gets compromised.
The vulnerability, tracked as CVE-2019-0090, resides in the hard-coded firmware running on the ROM (“read-only memory”) of the Intel’s Converged Security and Management Engine (CSME), which can’t be patched without replacing the silicon.
Intel CSME is a separate security micro-controller incorporated into the processors that provides an isolated execution environment protected from the host opening system running on the main CPU.
It is responsible for the initial authentication of Intel-based systems by loading and verifying firmware components, root of trust based secure boot, and also cryptographically authenticates the BIOS, Microsoft System Guard, BitLocker, and other security features.
Although this insufficient access control vulnerability is not new and was previously patched by Intel last year when the company described it just as a privilege escalation and arbitrary code execution in Intel CSME…