Intel Finally Patches Critical AMT Bug (Kinda)

Keep on Guard!


Intel finally patches the critical AMT bug discovered in March by security researcher Maksim Malyutin at Embedi, I say ‘kinda’ because it’s not really up to Intel to deploy the fix to the problem. They can’t really push out updates to CPUs, but at least they have fixed it in the firmware and now the vendors have to supply the signed patches.

Intel Finally Patches Critical AMT Bug (Kinda)

We actually wrote about this back in June 2016: Intel Hidden Management Engine – x86 Security Risk? and sure enough a flaw was found in it.

For the past seven years, millions of Intel workstation and server chips have harbored a security flaw that can be potentially exploited to remotely control and infect systems with spyware.

Specifically, the bug is in Intel’s Active Management Technology (AMT), Standard Manageability (ISM) and Small Business Technology (SBT) firmware versions 6 to 11.6. According to Chipzilla, the security hole allows “an unprivileged attacker to gain control of the manageability features provided by these products.”

That means it is possible for hackers to log into a vulnerable computer’s hardware – right under the nose of the operating system – and silently tamper with the machine, install virtually undetectable malware, and so on, using AMT’s features. This is potentially possible across the network because AMT has direct access to the computer’s network hardware.

These insecure management features have been available in various, but not all, Intel chipsets for nearly a decade, starting with 2010’s Intel Q57 family, all the way up to this year’s Kaby Lake Core parts. Crucially, the vulnerability lies at the very heart of a machine’s silicon, out of sight of the operating system, its applications and any antivirus.

The programming blunder can only be fully addressed with a firmware-level update, and it is present in millions of chips. It is effectively a backdoor into computers all over the world.

The vulnerable AMT service is part of Intel’s vPro suite of processor features. If vPro is present and enabled on a system, and AMT is provisioned, unauthenticated miscreants on your network can access the computer’s AMT controls and hijack them. If AMT isn’t provisioned, a logged-in user can still potentially exploit the bug to gain admin-level powers. If you don’t have vPro or AMT present at all, you are in the clear.


So yah if vPro is present and AMT deployed on your servers, you better start bugging your vendor for a patch ASAP. It’s a pretty edge-case set of scenarios that have to exist for you to really be at risk, but still, let’s always err on the side of safety.

Home machines will generally not be vulnerable as they won’t have AMT provisioned.

Intel reckons the vulnerability affects business and server boxes, because they tend to have vPro and AMT present and enabled, and not systems aimed at ordinary folks, which typically don’t. You can follow this document to check if your system is vulnerable – and you should.

Basically, if you’re using a machine with vPro and AMT features enabled, you are at risk. Modern Apple Macs, although they use Intel chips, do not ship with the AMT software, and are thus in the clear.

According to Intel today, this critical security vulnerability, labeled CVE-2017-5689, was discovered and reported in March by Maksim Malyutin at Embedi. To get Intel’s patch to close the hole, you’ll have to pester your machine’s manufacturer for a firmware update, and in the meantime, try the mitigations here. These updates, although developed by Intel, must be cryptographically signed and distributed by the manufacturers. It is hoped they will be pushed out to customers within the next few weeks. They should be installed ASAP.

“In March 2017 a security researcher identified and reported to Intel a critical firmware vulnerability in business PCs and devices that utilize Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), or Intel Small Business Technology (SBT),” an Intel spokesperson told The Register.

“Consumer PCs are not impacted by this vulnerability. We are not aware of any exploitation of this vulnerability. We have implemented and validated a firmware update to address the problem, and we are cooperating with equipment manufacturers to make it available to end-users as soon as possible.”

This is the scary thing though when hardware manufacturers (without any easy way to patch or address security flaws) deploy completely out-of-band management systems that are TCP/IP enabled and almost definitely have security flaws.

Perhaps we should just stick to consumer hardware..or not use Intel.

Source: The Register

Posted in: Exploits/Vulnerabilities, Hardware Hacking

, ,


Latest Posts:


Terabytes Of US Military Social Media Spying S3 Data Exposed Terabytes Of US Military Social Media Spying S3 Data Exposed
Once again the old, default Amazon AWS S3 settings are catching people out, the US Military has left terabytes of social media spying S3 data exposed.
SNIFFlab - Create Your Own MITM Test Environment SNIFFlab – Create Your Own MITM Test Environment
SNIFFlab is a set of scripts in Python that enable you to create your own MITM test environment for packet sniffing through a WiFi access point.
Skype Log Viewer Download - View Logs on Windows Skype Log Viewer Download – View Logs on Windows
Skype Log Viewer allows you to download and view the Skype history and log files, on Windows, without actually downloading the Skype client itself.
Ethereum Parity Bug Destroys Over $250 Million In Tokens Ethereum Parity Bug Destroys Over $250 Million In Tokens
If you are into cryptocurrency or blockchain at all, you will have heard about the Ethereum Parity Bug that has basically binned $280 Million + ETH.
WPSeku - Black-Box Remote WordPress Security Scanner WPSeku – Black-Box Remote WordPress Security Scanner
WPSeku is a black box WordPress Security scanner that can be used to scan remote WordPress installations to find security issues and vulnerabilities.
Malaysia Telco Hack - Corporations Spill 46 Million Records Malaysia Telco Hack – Corporations Spill 46 Million Records
The Malaysia Telco Hack has been blowing up in the news with over 42 Million Records being leaked including IMEI numbers, SIM details and home addresses.


Comments are closed.