Intel announced that it has been working with computer manufacturers to validate and release firmware updates that would patch the recently discovered (but potentially more than seven years old) Active Management Technology (AMT) security vulnerability.
AMT Vulnerability
Embedi security researcher Maksim Malyutin uncovered an Intel AMT security vulnerability in February, which he disclosed to the company. Intel and Malyutin agreed to keep the vulnerability private until a fix was ready. On May 1, Intel publicly disclosed the vulnerability, after knowledge of it got out. (It’s unclear whether or not Intel was already planning to announce the vulnerability that day or over the next few days.)
The vulnerability in question allows privilege escalation on an Intel PC with the AMT functionality enabled. However, what has made it dangerous is that Intel AMT can normally (as a feature) be accessed remotely due to its “out-of-band capabilities,” when the computer is shut down but still has access to electricity. Therefore, a sophisticated attacker may be able to cause significant damage to a PC or network by exploiting those powerful capabilities.
The somewhat good news is that Intel said this particular AMT vulnerability shouldn’t affect consumer laptops and PCs, but only business computers. These computers would need to have vPro enabled, access to an Intel networking hardware, and the AMT functionality needs to be licensed by the OEM, too.
Intel added that data center servers using the company’s Server Platform Services are not vulnerable to this security flaw, either.
Identifying Vulnerable Systems
When Intel publicly disclosed the AMT security flaw, it also released a detection guide. On May 4, the company released a downloadable discovery tool, as well. Considering the short time span between the public disclosure and the release of a discovery tool or the time when PC OEMs will begin shipping fixes, this may be a hint that Intel wasn’t quite ready to disclose the bug on May 1.
Securing Vulnerable Systems
If Intel’s discovery tool reports a vulnerability or is unable to say whether a particular system is vulnerable, the company recommends system administrators take steps to secure their systems in other ways.
Intel released a mitigation guide, too, which teaches system administrators how to disable the AMT, the Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT) software. Disabling these vulnerable business-oriented features should keep the systems safe against the exploitation of this particular privilege escalation vulnerability.
From May 8, PC manufacturers will begin to release patches for their products, which should fix the issue. However, it remains to be seen if the manufacturers will release a patch for all the vulnerable products they’ve sold since 2010, or whether they’ll only patch more recent systems. Intel was not immediately available to clarify this potential issue.
