Sunday May 07, 2017

Fix Those Pesky Hacking Holes in Intel AMT

Last week Intel let us all know that its Intelآ® Active Management Technology, Intelآ® Small Business Technology, and Intelآ® Standard Manageability products have an "elevation of privilege" issue that basically allows a "hacker" to enter a blank password into the AMT's web browser interface. This is obviously an issue, however Intel has stated that it is not a problem with consumer based PCs. So all you admins take notice!

There is an escalation of privilege vulnerability in Intelآ® Active Management Technology (AMT), Intelآ® Standard Manageability (ISM), and Intelآ® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products. This vulnerability does not exist on Intel-based consumer PCs with consumer firmware, Intel servers utilizing Intelآ® Server Platform Services (Intelآ® SPS), or Intelآ® Xeonآ® Processor E3 and Intelآ® Xeonآ® Processor E5 workstations utilizing Intelآ® SPS firmware.

News Image

Head over and check out Intel's Detection Guide as well as an identification tool.

The INTEL-SA-00075 Discovery Tool can be used by local users or an IT administrator to determine whether a system is vulnerable to the exploit documented in Intel Security Advisory INTEL-SA-00075. It is offered in two versions.

Discussion