Everything Your Need to Know About Unpatchable (CVE-2019-0090) Flaw Affect Intel CPUs
An unpatchable flaw (CVE-2019-0090) found recently in Intel is capable to make all hardware-enabled security technology vulnerable to cyber criminals. This flaw is been found inside hard-coded firmware running on Random Only Memory (ROM) of Intel’s “CSME” which stands for Converged Security and Management Engine. Well, Intel’s Converged Security and Management Engine distinct security micro-controller incorporated in the processors that furnish an separated execution environment secured from host opening system running on CPU. It is liable for initial authentication of your Intel-based computers by verifying firmware components, root of trust based prptected boot, additionally cryptographically authenticates the BIOS, BitLocker, Microsoft System Guard, and various other important security features.
This critical access control flaw is actually not new and has already patched by Intel previous year when company mentioned that it is just as Intel CSME firmware modules privilege escalation and arbitrary code execution in, however CVE-2019-0090 flaw stayed undervalued. Positive Technologies researchers have now discovered that this vulnerability can be used to recover the Chipset Key, kind of a master password or a root cryptographic key that can exploited by hacker to compromise chain of trust for some other security technologies. The worst thing about this unpatachable vulnerability is that hackers can exploited it to bypass DRM protections, and steal data from encrypted harddisk and to even access copyright-protected digital content.
Sadly, all the security patches released by Intel so far are incomplete and unable to completely prevent sophisticated attacks which puts millions of systems using Intel CUP’s at great risk of digital attacks. It is nearly impossible to detect and patch at least for now. According to researchers its not only impossible to patch firmware errors completely that are hard-coded on Mask ROM of chipsets and microprocessors. However, latest Intel 10th generation processors, SoCs and Ice Point chipsets are not vulnerable to this flaw. CVE-2019-0090 affects Intel CSME versions 11.x, Intel CSME version 12.0.35, Intel TXE versions 3.x, 4.x, and Intel Server Platform Services versions 3.x, 4.x, SPS_E3_05.00.04.027.0.