Intel’s Management Engine feature has been concern for many security researchers who feel that this remote administration feature is a ripe target for attackers. While the feature is certainly useful for IT managers, it does require deep system access which makes it a hard to resist target for attackers. If the Management Engine is compromised, it could give attackers complete control of the system. After several research groups discovered bugs in the feature, Intel sent out a security advisory confirming that vulnerabilities exist in the Management Engine.

A recent research caused Intel to perform a security audit on the feature. The audit revealed new vulnerabilities in Management Engine as well as in the remote server management tool Server Platform Services. Vulnerabilities were also discovered in the Trusted Execution Engine hardware authentication tool.

Almost every recent Intel chip is affected by these vulnerabilities and these chips power countless PCs, servers, and Internet of Things devices. Even if Intel releases security patches to OEMs, customers may not get them quickly as it will be up to the hardware companies to release those security updates.

Intel has put up a list of available firmware updates but there aren’t a lot of OEMs that have started rolling them out as yet, so the list leaves a lot to be desired.

“Businesses, systems administrators, and system owners using computers or devices that incorporate these Intel products should check with their equipment manufacturers or vendors for updates for their systems, and apply any applicable updates as soon as possible,” the company said in a statement.

Filed in Computers. Read more about Intel.

User Comments