{"id":4512,"date":"2017-05-03T23:44:28","date_gmt":"2017-05-03T15:44:28","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=4512"},"modified":"2017-05-03T23:44:41","modified_gmt":"2017-05-03T15:44:41","slug":"intel-finally-patches-critical-amt-bug-kinda","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2017\/05\/intel-finally-patches-critical-amt-bug-kinda\/","title":{"rendered":"Intel Finally Patches Critical AMT Bug (Kinda)"},"content":{"rendered":"

Intel finally patches the critical AMT bug discovered in March by security researcher Maksim Malyutin at Embedi, I say ‘kinda’ because it’s not really up to Intel to deploy the fix to the problem. They can’t really push out updates to CPUs, but at least they have fixed it in the firmware and now the vendors have to supply the signed patches.<\/p>\n

\"Intel<\/p>\n

We actually wrote about this back in June 2016: Intel Hidden Management Engine \u2013 x86 Security Risk?<\/a> and sure enough a flaw was found in it.<\/p>\n

For the past seven years, millions of Intel workstation and server chips have harbored a security flaw that can be potentially exploited to remotely control and infect systems with spyware.<\/p>\n

Specifically, the bug is in Intel’s Active Management Technology (AMT), Standard Manageability (ISM) and Small Business Technology (SBT) firmware versions 6 to 11.6. According to Chipzilla, the security hole allows “an unprivileged attacker to gain control of the manageability features provided by these products.”<\/p>\n

That means it is possible for hackers to log into a vulnerable computer’s hardware \u2013 right under the nose of the operating system \u2013 and silently tamper with the machine, install virtually undetectable malware, and so on, using AMT’s features. This is potentially possible across the network because AMT has direct access to the computer’s network hardware.<\/p>\n

These insecure management features have been available in various, but not all, Intel chipsets for nearly a decade, starting with 2010’s Intel Q57 family, all the way up to this year’s Kaby Lake Core parts. Crucially, the vulnerability lies at the very heart of a machine’s silicon, out of sight of the operating system, its applications and any antivirus.<\/p>\n

The programming blunder can only be fully addressed with a firmware-level update, and it is present in millions of chips. It is effectively a backdoor into computers all over the world.<\/p>\n

The vulnerable AMT service is part of Intel’s vPro suite of processor features. If vPro is present and enabled on a system, and AMT is provisioned, unauthenticated miscreants on your network can access the computer’s AMT controls and hijack them. If AMT isn’t provisioned, a logged-in user can still potentially exploit the bug to gain admin-level powers. If you don’t have vPro or AMT present at all, you are in the clear.<\/p><\/blockquote>\n