Developing Intel’s Management Engine – which can be used to remotely administrate, control and update systems over a network – can be exploited by miscreants to silently hijack vulnerable computers.
Specifically, according to Chipzilla, there is a vulnerability in Intel’s AMT, ISM, and Intel Small Business Technology that can “allow an unprivileged attacker to gain control of the manageability features provided by these products. This vulnerability does not exist on Intel-based consumer PCs.”
Essentially, if you have AMT enabled on your computer, as part of Intel’s vPro features, your machine is at risk, and must be patched once an update is rolled out. This vulnerable technology is present in processor chipsets all the way back to AMT 6, which dates back to around 2008.
In a statement to The Register just a few minutes ago, an Intel spokesman said:
In March, 2017 a security researcher identified and reported to Intel a critical firmware vulnerability in business PCs and devices that utilize Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), or Intel® Small Business Technology (SBT). Consumer PCs are not impacted by this vulnerability.
We are not aware of any exploitation of this vulnerability. We have implemented and validated a firmware update to address the problem, and we are cooperating with equipment manufacturers to make it available to end-users as soon as possible.
For more details, including mitigation steps that can be used prior to application of a firmware update, please see our security advisory
Here’s the actual impact:
- An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM).
- An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
News of the vulnerability was broken earlier today on SemiAccurate.
“The short version is that every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME (Management Engine),” wrote chip journo Charlie Demerjian.
“If this isn’t scary enough news, even if your machine doesn’t have SMT, ISM, or SBT provisioned, it is still vulnerable, just not over the network.”
Developing – more to follow
Source: SANS ISC SecNewsFeed @ May 1, 2017 at 03:39PM