Intel Finally Patches Critical AMT Bug (Kinda)

Use Netsparker


Intel finally patches the critical AMT bug discovered in March by security researcher Maksim Malyutin at Embedi, I say ‘kinda’ because it’s not really up to Intel to deploy the fix to the problem. They can’t really push out updates to CPUs, but at least they have fixed it in the firmware and now the vendors have to supply the signed patches.

Intel Finally Patches Critical AMT Bug (Kinda)

We actually wrote about this back in June 2016: Intel Hidden Management Engine – x86 Security Risk? and sure enough a flaw was found in it.

For the past seven years, millions of Intel workstation and server chips have harbored a security flaw that can be potentially exploited to remotely control and infect systems with spyware.

Specifically, the bug is in Intel’s Active Management Technology (AMT), Standard Manageability (ISM) and Small Business Technology (SBT) firmware versions 6 to 11.6. According to Chipzilla, the security hole allows “an unprivileged attacker to gain control of the manageability features provided by these products.”

That means it is possible for hackers to log into a vulnerable computer’s hardware – right under the nose of the operating system – and silently tamper with the machine, install virtually undetectable malware, and so on, using AMT’s features. This is potentially possible across the network because AMT has direct access to the computer’s network hardware.

These insecure management features have been available in various, but not all, Intel chipsets for nearly a decade, starting with 2010’s Intel Q57 family, all the way up to this year’s Kaby Lake Core parts. Crucially, the vulnerability lies at the very heart of a machine’s silicon, out of sight of the operating system, its applications and any antivirus.

The programming blunder can only be fully addressed with a firmware-level update, and it is present in millions of chips. It is effectively a backdoor into computers all over the world.

The vulnerable AMT service is part of Intel’s vPro suite of processor features. If vPro is present and enabled on a system, and AMT is provisioned, unauthenticated miscreants on your network can access the computer’s AMT controls and hijack them. If AMT isn’t provisioned, a logged-in user can still potentially exploit the bug to gain admin-level powers. If you don’t have vPro or AMT present at all, you are in the clear.


So yah if vPro is present and AMT deployed on your servers, you better start bugging your vendor for a patch ASAP. It’s a pretty edge-case set of scenarios that have to exist for you to really be at risk, but still, let’s always err on the side of safety.

Home machines will generally not be vulnerable as they won’t have AMT provisioned.

Intel reckons the vulnerability affects business and server boxes, because they tend to have vPro and AMT present and enabled, and not systems aimed at ordinary folks, which typically don’t. You can follow this document to check if your system is vulnerable – and you should.

Basically, if you’re using a machine with vPro and AMT features enabled, you are at risk. Modern Apple Macs, although they use Intel chips, do not ship with the AMT software, and are thus in the clear.

According to Intel today, this critical security vulnerability, labeled CVE-2017-5689, was discovered and reported in March by Maksim Malyutin at Embedi. To get Intel’s patch to close the hole, you’ll have to pester your machine’s manufacturer for a firmware update, and in the meantime, try the mitigations here. These updates, although developed by Intel, must be cryptographically signed and distributed by the manufacturers. It is hoped they will be pushed out to customers within the next few weeks. They should be installed ASAP.

“In March 2017 a security researcher identified and reported to Intel a critical firmware vulnerability in business PCs and devices that utilize Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), or Intel Small Business Technology (SBT),” an Intel spokesperson told The Register.

“Consumer PCs are not impacted by this vulnerability. We are not aware of any exploitation of this vulnerability. We have implemented and validated a firmware update to address the problem, and we are cooperating with equipment manufacturers to make it available to end-users as soon as possible.”

This is the scary thing though when hardware manufacturers (without any easy way to patch or address security flaws) deploy completely out-of-band management systems that are TCP/IP enabled and almost definitely have security flaws.

Perhaps we should just stick to consumer hardware..or not use Intel.

Source: The Register

Posted in: Exploits/Vulnerabilities, Hardware Hacking

, ,


Latest Posts:


snallygaster - Scan For Secret Files On HTTP Servers snallygaster – Scan For Secret Files On HTTP Servers
snallygaster is a Python-based tool that can help you to scan for secret files on HTTP servers, files that are accessible that shouldn't be public and can pose a s
Portspoof - Spoof All Ports Open & Emulate Valid Services Portspoof – Spoof All Ports Open & Emulate Valid Services
The primary goal of the Portspoof program is to enhance your system security through a set of new camouflage techniques which spoof all ports open and also emulate valid services on every port.
Cambridge Analytica Facebook Data Scandal Cambridge Analytica Facebook Data Scandal
One of the biggest stories of the year so far has been the scandal surrounding Cambridge Analytica that came out after a Channel 4 expose that demonstrated the depths they are willing to go to profile voters, manipulate elections and much more.
GetAltName - Discover Sub-Domains From SSL Certificates GetAltName – Discover Sub-Domains From SSL Certificates
GetAltName it's a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
Memcrashed - Memcached DDoS Exploit Tool Memcrashed – Memcached DDoS Exploit Tool
Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.
QualysGuard - Vulnerability Management Tool QualysGuard – Vulnerability Management Tool
QualysGuard is a web-based vulnerability management tool provided by Qualys, Inc, which was the first company to deliver vulnerability management services as a SaaS-based web-service.


Comments are closed.