Insecure Handling of BIOS and AMT Passwords

Summary:

Intel is releasing patches to mitigate security vulnerability CVE-2017-5704

Description:

Platform sample code firmware included with 4th Gen Intel® Core™ Processor (Haswell), 5th Gen Intel® Core™ Processor (Broadwell), 6th Gen Intel® Core™ Processor (Skylake), and 7th Gen Intel® Core™ Processor (Kaby Lake) potentially exposes password information in memory to a local attacker with administrative privileges.

• High 7.2 CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Affected products:

Platform sample code for the following processor generations:
• 4th Gen Intel® Core™ Processor (Haswell)
• 5th Gen Intel® Core™ Processor (Broadwell)
• 6th Gen Intel® Core™ Processor (Skylake)
• 7th Gen Intel® Core™ Processor (Kaby Lake)

Recommendations:

Intel has released updated firmware to address these issues and recommends that end-users contact their system manufacturers for updated system firmware.