Intel: PC Manufacturers Will Patch AMT Security Flaw Starting May 8

Intel announced that it has been working with computer manufacturers to validate and release firmware updates that would patch the recently discovered (but potentially more than seven years old) Active Management Technology (AMT) security vulnerability.

AMT Vulnerability

Embedi security researcher Maksim Malyutin uncovered an Intel AMT security vulnerability in February, which he disclosed to the company. Intel and Malyutin agreed to keep the vulnerability private until a fix was ready. On May 1, Intel publicly disclosed the vulnerability, after knowledge of it got out. (It’s unclear whether or not Intel was already planning to announce the vulnerability that day or over the next few days.)

The vulnerability in question allows privilege escalation on an Intel PC with the AMT functionality enabled. What makes it dangerous is that Intel AMT can normally (as a feature) be accessed remotely through its “out-of-band capabilities,” even when the computer is shut down but still has access to electricity. A sophisticated attacker may therefore be able to cause significant damage to a PC or network by exploiting those powerful capabilities.

The somewhat good news is that Intel said this particular AMT vulnerability shouldn’t affect consumer laptops and PCs, but only business computers. These computers would need to have vPro enabled and access to Intel networking hardware, and the AMT functionality would also need to be licensed by the OEM.

Intel added that data center servers using the company’s Server Platform Services are not vulnerable to this security flaw, either.

Identifying Vulnerable Systems

When Intel publicly disclosed the AMT security flaw, it also released a detection guide. On May 4, the company released a downloadable discovery tool, as well. Considering the short time span between the public disclosure and the release of a discovery tool or the time when PC OEMs will begin shipping fixes, this may be a hint that Intel wasn’t quite ready to disclose the bug on May 1.

Securing Vulnerable Systems

If Intel’s discovery tool reports a vulnerability or is unable to say whether a particular system is vulnerable, the company recommends system administrators take steps to secure their systems in other ways.

Intel also released a mitigation guide, which teaches system administrators how to disable the AMT, Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT) software. Disabling these vulnerable business-oriented features should keep the systems safe against the exploitation of this particular privilege escalation vulnerability.

From May 8, PC manufacturers will begin to release patches for their products, which should fix the issue. However, it remains to be seen if the manufacturers will release a patch for all the vulnerable products they’ve sold since 2010, or whether they’ll only patch more recent systems. Intel was not immediately available to clarify this potential issue.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
  • Glock24
    I have a Gigabyte Q87M-D2H. Hopefully a patch is released for that board.
  • Fiqar_
    Great article that. Especially loved the bit about identifying vulnerable systems. Really helpful!
  • jimmysmitty
    19652631 said:
    I have a Gigabyte Q87M-D2H. Hopefully a patch is released for that board.

    What CPU do you have? Unless you have a CPU that is supported under the vPro this won't affect you as it is mainly the Business class products that have the full feature set for vPro.

    If you have a K series CPU then it wouldn't work anyways.