Intel SA-00086 is a critical vulnerability found in the Intel Management Engine.
Attackers can gain unauthorized access to systems using the Intel® ME feature, and to third-party secrets protected by the Intel® Management Engine (ME), Intel® Server Platform Service (SPS), or Intel® Trusted Execution Engine (TXE).
This includes the following scenarios where an attacker could:
- Impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity.
- Load and execute arbitrary code outside the visibility of the user and operating system.
- Cause a system crash or system instability.
Processor families affected by Intel SA-00086
In short, all machines made with modern hardware from Intel after August 2015 are vulnerable. If the list below doesn’t mean anything to you, run the ‘Intel SA-00086 Detection Tool’.
- 6th, 7th, and 8th generation Intel® Core™ Processor Family
- Intel® Xeon® Processor E3-1200 v5 and v6 Product Family
- Intel® Xeon® Processor Scalable Family
- Intel® Xeon® Processor W Family
- Intel Atom® C3000 Processor Family
- Apollo Lake Intel Atom® Processor E3900 series
- Apollo Lake Intel® Pentium® Processors
- Intel® Celeron® N and J series Processors
- Lenovo – Official Statement, downloads, affected models