10.05.2016

ALERT: Major NUC security flaw


Intel is releasing updated BIOS firmware for a privilege escalation issue. This issue affects Intel NUC Kits listed in the affected products section below (including the much-touted Skull Canyon). The issue identified is a method that enables malicious code to gain access to System Management Mode (SMM).

A malicious attacker with local administrative access can leverage the vulnerable BIOS to gain access to System Management Mode (SMM) and take full control of the platform. Intel products that are listed below should apply the update.

Intel highly recommends updating the BIOS of all Intel NUC’s to the recommended BIOS or later listed in the table of affected products.

✓ NUC6i7KYB (Skull Canyon - i7)
✓ NUC6i3SYB (Swift Canyon - i3)
✓ NUC6i5SYB (Swift Canyon - i5)
✓ NUC5i7RYKH (Rock Canyon - i7)
✓ NUC5i5RYB (Rock Canyon - i5)
✓ NUC5i3RYB (Rock Canyon - i3)
✓ NUC5CPYH (Pinnacle Canyon – Celeron)
✓ NUC5PPYH (Pinnacle Canyon – Pentium)
✓ NUC5PGYH (Grass Canyon – Pentium)

Source: Intel