Intel warns of vulnerabilities in BIOS NUC computers

Intel warns of a vulnerability in the BIOS of its NUC computers, which could allow attackers to gain access to System Management Mode. The manufacturer says it will release updates to fix the problem.

To exploit the vulnerability, an attacker must have access to the local admin account. Intel reports that the smm can then be accessed via the bios. There is no description of the vulnerability, but Intel says it was discovered by security researcher Dmytro Oleksiuk. He discovered a similar vulnerability in Lenovo laptops and several Gigabyte motherboards earlier this year.

The researcher refers on Twitter to Intel’s warning, noting that there are no updates available yet to fix the vulnerability. Intel itself has made a list of affected products and mentions the recommended bios versions that users should install. In many cases, these are older bios versions that have already been released. Intel says in the message, however, that it will also come up with updates.

Last year it turned out that older Intel processors contain a vulnerability in the smm, which makes it possible to implement rootkits that cannot be detected. It is not clear to what extent the new vulnerability is related to that discovery.

Originally, the System Management Mode was built in for power management, but many functionalities have been added. For example, the trusted platform module, in which encryption keys can be stored, is housed in smm.

Intel has identified the problem with some of its own NUCs, and the company’s Compute Stick is also vulnerable. In its announcement, Intel states that updates will be released, but at the time of writing no new bios versions for the affected products are available.