Intel warns of decade-old AMT vulnerability

May 2, 2017 | 11:20

Tags: #active-management #amt #core #firmware #insecurity #ism #security #vulnerability

Companies: #intel

Intel has warned of a serious vulnerability in its Active Management Technology (AMT) platform, covering all its processors from the original Core models all the way through to its latest Kaby Lake parts.

Discovered in late April by security researcher Maksim Malyutin and announced this weekend, the security vulnerability disclosed by Intel covers its Active Management Technology (AMT), Small Business Technology, and Standard Manageability (ISM) platforms - all of which, ironically, exist to make it easier for corporate environments to manage and maintain the security of desktops and servers. The privilege escalation flaw allows for local exploitation on all affected systems, boosting unprivileged malicious code up to network or local system privileges silently and without user interaction. If that were not bad enough news, those using the Intel AMT or ISM platforms for centralised management have inadvertently opened up a more serious hole allowing for remote exploitation of all affected systems connected to a management device.

In partial mitigation, Intel has claimed that the flaw affects only corporate users and that its consumer-oriented products - which make up the majority of its revenue - are not affected. Richard Porter, of the SANS Technology Institute, warns that might not be the full story: 'The document also states very clearly that "this vulnerability does not exist on Intel-based consumer PCs." However, the affected and resolved firmware table indicates which generation of the Core CPU architecture is affected. This seems to be a bit of a contradiction to me,' he wrote in an analysis of the vulnerability. 'I also find it very odd to see a security advisory on Intel AMT that does not mention vPro (the matching feature on the workstation) even once. If this issue could be leveraged to compromise unmanaged but vPro equipped desktops, laptops and other equipment, this could get very bad, very quickly (or worse than it is now anyway).'

For those who are definitely affected, though, the list of products is long: Intel has confirmed that CPUs dating back to the original first-generation Core family, released back in 2006, and running through to its very latest seventh-generation Kaby Lake parts are vulnerable to exploitation. Sadly, fixing the flaw is far from simple: The vulnerability needs to be patched by motherboard vendors, rather than Intel itself, and released as a firmware update. With few manufacturers still supporting devices from a decade ago, it's likely the majority of affected systems will never receive a fix for the flaw - though Intel's mitigation guide (PDF warning) goes some way to reducing the risk of exploitation.

More details are available in the official security advisory.
Discuss this in the forums
YouTube logo
MSI MPG Velox 100R Chassis Review

October 14 2021 | 15:04