Intel audited ME and other firmware after third-party researchers identified flaws in it earlier this year. Those flaws will be the subject of a talk at Black Hat in December. The researchers were exploring techniques to disable ME, which isn't normally feasible.
ME supports Intel's Active Management Technology (AMT), a powerful tool that allows admins to remotely manage devices used in business and education, even when the device is not booted. Several of the newly disclosed flaws affect AMT in the ME firmware.
The flaws are potentially very dangerous: an attacker who successfully exploited them could run malware that's invisible to the operating system.
Security firm Rapid7 notes that remote attackers could access some AMT components if remote management ports are left open, which may allow them to combine older flaws with the new flaws.
It advises checking Intel's AMT Manageability Ports reference page, scanning the corporate network for open Intel ME/AMT remote management ports, and segmenting any open ones with an internal VPN using multi-factor authentication.
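One way to run the inventory check Rapid7 describes, as an added example that is not code from Rapid7, Intel or this article. The port numbers are the commonly documented AMT manageability ports and are an assumption here, since the article does not list them; confirm them against Intel's reference page. The host addresses are constructed placeholders.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Commonly documented Intel AMT/ME manageability ports (assumption: not listed
# in the article; confirm against Intel's AMT Manageability Ports page).
# Only TCP reachability is tested here.
AMT_PORTS = {
    623: "ASF-RMCP",
    664: "ASF-RMCP (secure)",
    16992: "AMT HTTP",
    16993: "AMT HTTPS",
    16994: "AMT redirection (TCP)",
    16995: "AMT redirection (TLS)",
}

def port_open(host, port, timeout=1.0):
    """Return True if a TCP connect to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit_hosts(hosts, ports=AMT_PORTS, timeout=1.0, workers=32):
    """Map each host to the sorted (port, label) pairs that accepted a connection."""
    targets = [(h, p) for h in hosts for p in ports]
    findings = {h: [] for h in hosts}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda t: port_open(t[0], t[1], timeout), targets)
        for (host, port), is_open in zip(targets, results):
            if is_open:
                findings[host].append((port, ports[port]))
    return {h: sorted(f) for h, f in findings.items()}

def exposed(findings):
    """Hosts with a reachable manageability port: candidates for segmentation."""
    return sorted(h for h, f in findings.items() if f)

if __name__ == "__main__":
    # Constructed inventory: replace with hosts you are authorised to audit.
    inventory = ["192.0.2.10", "192.0.2.11"]
    report = audit_hosts(inventory)
    for host in exposed(report):
        print(host, report[host])
```

Run it from the network segments that should not reach management interfaces; a host that appears in the output from a user VLAN is one to move behind the VPN boundary.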
Shortly after the May 1 disclosure of an Intel AMT/ME flaw, Rapid7's Heisenberg Cloud detected a significant spike in scans for the ports used within the context of AMT remote management. It has not seen a similar spike following this week's disclosure.
So far there are advisories from Acer, Dell, Fujitsu, HPE Servers, Lenovo, and Panasonic, but there should be many more to come.
Lenovo will provide, or is aiming to provide, firmware updates for 138 models affected by the Intel flaws this Friday. However, it doesn't have a date for many of the affected machines.
Due to the nature of the flaws, Dell is also recommending that owners of affected computers and servers ensure the hardware is "physically secured where possible" and that only authorized personnel have hands-on access.
Dell's client hardware advisory lists numerous Alienware, Inspiron, Latitude and Precision models affected. It plans to roll out updates through December and January, but lists many models as affected with updates to be determined. Dell has already released updates for 15 PowerEdge servers.
Acer has published a long list of affected models, including devices in its Aspire and TravelMate Spin range. It has yet to determine when firmware updates will be released.
Fujitsu is currently preparing support pages for products sold in different regions.