Intel: PC Manufacturers Will Patch AMT Security Flaw Starting May 8

Intel announced that it has been working with computer manufacturers to validate and release firmware updates that would patch the recently discovered (but potentially more than seven years old) Active Management Technology (AMT) security vulnerability.

AMT Vulnerability

Embedi security researcher Maksim Malyutin uncovered an Intel AMT security vulnerability in February, which he disclosed to the company. Intel and Malyutin agreed to keep the vulnerability private until a fix was ready. On May 1, Intel publicly disclosed the vulnerability, after knowledge of it got out. (It’s unclear whether or not Intel was already planning to announce the vulnerability that day or over the next few days.)

The vulnerability in question allows privilege escalation on an Intel PC with the AMT functionality enabled. However, what has made it dangerous is that Intel AMT can normally (as a feature) be accessed remotely due to its “out-of-band capabilities,” when the computer is shut down but still has access to electricity. Therefore, a sophisticated attacker may be able to cause significant damage to a PC or network by exploiting those powerful capabilities.

The somewhat good news is that Intel said this particular AMT vulnerability shouldn’t affect consumer laptops and PCs, but only business computers. These computers would need to have vPro enabled, access to an Intel networking hardware, and the AMT functionality needs to be licensed by the OEM, too.

Intel added that data center servers using the company’s Server Platform Services are not vulnerable to this security flaw, either.

Identifying Vulnerable Systems

When Intel publicly disclosed the AMT security flaw, it also released a detection guide. On May 4, the company released a downloadable discovery tool, as well. Considering the short time span between the public disclosure and the release of a discovery tool or the time when PC OEMs will begin shipping fixes, this may be a hint that Intel wasn’t quite ready to disclose the bug on May 1.

Securing Vulnerable Systems

If Intel’s discovery tool reports a vulnerability or is unable to say whether a particular system is vulnerable, the company recommends system administrators take steps to secure their systems in other ways.

Intel released a mitigation guide, too, which teaches system administrators how to disable the AMT, the Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT) software. Disabling these vulnerable business-oriented features should keep the systems safe against the exploitation of this particular privilege escalation vulnerability.

From May 8, PC manufacturers will begin to release patches for their products, which should fix the issue. However, it remains to be seen if the manufacturers will release a patch for all the vulnerable products they’ve sold since 2010, or whether they’ll only patch more recent systems. Intel was not immediately available to clarify this potential issue.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.
Latest in Security Software
Virtual Private Network
Florida experiences a huge 1,150% surge in VPN use as Pornhub blocks access in response to age-verification law
BadRAM exploit
BadRAM attack breaches AMD secure VMs using a Raspberry Pi Pico, DDR socket, and a 9V battery
Microsoft Defender Mobile VPN UI
Microsoft Defender can now detect insecure Wi-Fi hotspots and enable a VPN — you need to pay for Microsoft 365 and live in a supported region
Kaspersky HQ
U.S. customers wake up to find Kaspersky antivirus sneakily replaced with UltraAV — switchover caught many users by surprise
China's Unisoc launches 'world's first' open architecture RISC-V security chip
Dominic White
CrowdStrike President graciously accepts Pwnie Epic Fail award at DEF CON hacking conference
Latest in News
RX 9070 XT Sapphire
Lisa Su says Radeon RX 9070-series GPU sales are 10X higher than its predecessors — for the first week of availability
RTX 5070, RX 9070 XT, Arc B580
Real-world GPU prices cost up to twice the MSRP — a look at current FPS per dollar values
Zotac Gaming GeForce RTX 5090 AMP Extreme Infinity
Zotac raises RTX 5090 prices by 20% and seemingly eliminates MSRP models
ASRock fixes AM5 motherboard by cleaning it
ASRock claims to fix 'burned out' AM5 motherboard by cleaning the socket
ChatGPT Security
Some ChatGPT users are addicted and will suffer withdrawal symptoms if cut off, say researchers
project-g-assist-nvidia-geforce-rtx-ogimage
Nvidia releases public G-Assist in latest App to provide in-game AI assistance — also introduces DLSS custom scaling factors
  • Glock24
    I have a Gigabyte Q87M-D2H. Hopefully a patch is released for that board.
    Reply
  • Fiqar_
    Great article that. Especially loved the bit about identifying vulnerable systems. Really helpful!
    Reply
  • jimmysmitty
    19652631 said:
    I have a Gigabyte Q87M-D2H. Hopefully a patch is released for that board.

    What CPU do you have? Unless you have a CPU that is supported under the vPro this wont affect you as it is mainly the Business class products that have the full feature set for vPro.

    If you have a K series CPU than it wouldn't work anyways.
    Reply