System firmware of certain products does not completely protect platform configuration data.
During resume from sleep, system firmware needs to reinitialize hardware to a secured configuration. In order to protect against malware that has already compromised an OS, firmware must protect all of this configuration data and the mechanism by which it is processed. This firmware update adds protections to the platform configuration data.
Intel strongly recommends that users install the above firmware updates to mitigate this issue.
Intel would like to thank the following individuals and organizations for reporting the issue and working with us: Rafal Wojtczuk from Bromium, Corey Kallenberg from LegbaCore, and Intel Advanced Threat Research.