Intel AMT Vulnerability

What is Intel AMT (Active Management Technology)?
Intel Active Management Technology (AMT) is hardware and firmware technology for remote out-of-band management of personal computers, in order to monitor, maintain, update, upgrade, and repair them.

How this vulnerability works?
You can remotely commandeer and control computers that use vulnerable Intel chipsets by sending them empty authentication strings.

The vulnerability in question allows privilege escalation on an Intel PC with the AMT functionality enabled. However, what has made it dangerous is that Intel AMT can normally (as a feature) be accessed remotely due to its “out-of-band capabilities,” when the computer is shut down but still has access to electricity. Therefore, a sophisticated attacker may be able to cause significant damage to a PC or network by exploiting those powerful capabilities.

These computers would need to have vPro enabled, access to an Intel networking hardware, and the AMT functionality needs to be licensed by the OEM, too.

How to identify vulnerable systems and mitigate the issue?
When Intel publicly disclosed the AMT security flaw, it also released a detection guide. On May 4, the company released a downloadable discovery tool. This is also accompanied by a mitigation guide which will instruct the System Administrators on how they can disable AMT, ISM and SBT. Disabling these vulnerable business-oriented features should keep the systems safe against the exploitation of this vulnerability.

What to do once we have secured our systems?
From today (8th of May 2017) PC manufacturers will begin to release patches for their products, which should fix the issue. However, it remains to be seen if the manufacturers will release a patch for all the vulnerable products they’ve sold since 2010, or whether they’ll only patch more recent systems.

If you are unsure whether your hardware will be supported, and will subsequently have the bug fixed by a firmware update, we would advise contacting the Vendor in question.

Credit to the following resources:

http://www.theregister.co.uk/2017/05/05/intel_amt_remote_exploit/?page=1

https://newsroom.intel.com/news/important-security-information-intel-manageability-firmware/

http://www.tomshardware.com/news/intel-amt-patch-may-8,34342.html