Hidden Bug In Intel Core Machines For The Past 9 Years


On 1 May, Intel’s security center confirmed that a “critical” escalation-of-privilege vulnerability affects its Intel Standard Manageability (ISM), Intel Small Business Technology, and Active Management Technology (AMT) firmware. The flaw resides in those products’ firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6. It does not exist on consumer-based PCs.

The AMT and ISM SKUs are also potentially vulnerable to network attacks from unprivileged users. Versions of the manageability firmware after 11.6 are not affected, and the vulnerability does not affect Intel-based consumer PCs.

Researchers at Embedi found the critical Active Management Technology (AMT) flaw in Intel chips. According to Embedi CTO, Dmitry Evdokimov, there are some false assumptions about the vulnerability, otherwise known as Intel Standard Manageability Escalation of Privilege – INTEL-SA-00075 (CVE-2017-5689).

He said the vulnerability was discovered by Embedi researcher Maks Malyutin in mid-February and was disclosed on March 3.

He said that the vulnerability impacts only Intel PCs, laptops and servers with the Intel AMT feature enabled. No consumer PCs should be affected, according to the reports. However, Evdokimov also noted that systems without official AMT support can also be at risk.

The discovered vulnerability is logical in nature and allows a remote attacker to take full control (log in as admin) of any AMT service the system is capable of. It could also allow an attacker to gain remote access to AMT services such as keyboard, video, and mouse (KVM), IDE Redirection, Serial over LAN, and BIOS setup and editing.

But Evdokimov points out that when any of the above AMT features are activated by a third party, the attacker’s activities can’t be easily hidden from the target system’s user.

Intel is urging customers running affected versions of the firmware to seek updated firmware from their OEMs as soon as possible. But because it will be up to OEMs to issue updated firmware to address the flaw, and to enterprise customers to install the new firmware, many systems are likely to remain unpatched.

If no updated firmware is available, Intel has issued a mitigation guide detailing potential steps, including unprovisioning client systems vulnerable to the issue, disabling or removing the Intel Management and Security Application Local Management Service (LMS), and setting local manageability configuration restrictions.
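The affected-version list and the mitigation steps above can be turned into a fleet triage pass. The following is an added example, not Intel's or Embedi's tooling; the inventory columns, host names and version strings are constructed. Matching is by firmware branch as listed in this article, so a hit means the host's OEM firmware status needs checking.

```python
import csv
import io

# Affected branches as listed in the article: 6.x-10.x, 11.0, 11.5, 11.6.
AFFECTED_MAJORS = range(6, 11)
AFFECTED_11_MINORS = {0, 5, 6}

# Constructed sample inventory (hypothetical hosts, columns and versions).
SAMPLE_INVENTORY = """host,me_fw,amt_provisioned,lms_running
ws-001,9.1.32.1002,yes,yes
ws-002,11.6.10.1196,no,yes
srv-003,11.7.0.1045,yes,no
kiosk-004,not-reported,no,no
ws-005,8.1.40.1416,no,no
"""

def branch_status(version):
    """Return 'affected', 'not_affected' or 'unknown' for a firmware version string."""
    parts = version.strip().split(".")
    try:
        major, minor = int(parts[0]), int(parts[1])
    except (ValueError, IndexError):
        return "unknown"  # missing or malformed version: do not assume safe
    if major in AFFECTED_MAJORS or (major == 11 and minor in AFFECTED_11_MINORS):
        return "affected"
    if (major, minor) > (11, 6):
        return "not_affected"  # the article: versions after 11.6 are not affected
    return "unknown"  # branch the article does not list (e.g. below 6.x)

def triage(inventory_csv):
    """Map each host to the follow-up actions the article describes."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = branch_status(row["me_fw"])
        actions = []
        if status == "affected":
            actions.append("request updated firmware from OEM")
            if row["amt_provisioned"] == "yes":
                actions.append("unprovision until patched")
            if row["lms_running"] == "yes":
                actions.append("disable or remove LMS")
        elif status == "unknown":
            actions.append("verify firmware version manually")
        results[row["host"]] = (status, actions)
    return results

if __name__ == "__main__":
    for host, (status, actions) in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}: {', '.join(actions) or 'no action'}")
```

Hosts that report no parsable version are routed to manual verification instead of being treated as safe, which matters given the note above that systems without official AMT support can also be at risk.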