intel-amt-vulnerability-shows-intel-s-management-engine-can-be-dangerous

Intel AMT Vulnerability Shows Intel’s Management Engine Can Be Dangerous

For the past nine years, millions of Intel desktop and server chips have harbored a security flaw that can exploited to remotely control and infect vulnerable systems with spyware.

Intel has now rated the vulnerability of bug-ridden systems as critical and is urging customers using the compromised CPUs to install the firmware patch as soon as possible.

First, an unprivileged network attacker could gain system privileges to Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM), but not Small Business Technology.

Another Intel partner, who wished to remain anonymous, said that his clients using vPro features see the flaw as a concern – but not a workflow stopper. To get Intel’s patch to close the hole, you’ll have to pester your machine’s manufacturer for a firmware update, and in the meantime, try the mitigations here.

You can find the complete Intel’s guide to detect and mitigate this security threat here.

Intel said that this particular vulnerability doesn’t affect consumer chips. Or “critical”, as Intel rates it, as it opens the door for an unprivileged attacker to gain control of the manageability features provided the aforementioned products. The company has backported its patch to all the affected firmware versions to ensure every impacted processor model is covered.

Intel said the flaw was discovered and reported to it privately in March by security researcher Maksim Malyutin at Embedi.

If Intel redesigned the ME environment on its chips, it should be possible to allow users to easily and completely disable Intel ME.

The vulnerable Active Management Technology (AMT) service is part of the Intel Management Engine, which is built into PCs with Intel vPro technology. Local attackers, meanwhile, could exploit the flaw in either of those technologies, or in the Small Business Technology product, to access systems without having to authenticate them.

The main problem may be that the firmware needs to be released by the makers of those computers, and some of them may not release firmware updates for machines that are more than a few years old. The vulnerability shows that Intel ME’s out-of-bound functionality, such as installing software remotely on PCs, could pose serious dangers to systems, as some free software activists have already warned.

As Intel’s AMT allows access to a machine’s network hardware, an attacker could exploit the security hole and spread attacks to other systems on a network. The list includes every desktop and notebook platform Intel has released since first-generation Core series Nehalem processors in 2008 through the 7th-gen Kaby Lake processors now on the market.

“We would, of course, still recommend that customers should perform the firmware updates provided by Intel if they have the AMT versions that are vulnerable”, said one partner, who wished to remain anonymous. Since this “cooperation” could take months, years or even forever to happen, the company has shared a document for mitigation in case a firmware update is not available from your OEM.

Leave a Reply

Your email address will not be published. Required fields are marked *