Intel platforms from Nehalem to Kaby Lake have a critical vulnerability. Attackers can remotely exploit an elevation of privilege security hole. While no consumer systems are affected, Intel and its OEMs are shipping a firmware update.
The critical, remotely exploitable vulnerability affects the firmware of Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology. The site semiaccurate.com discovered this bug and informed Intel about it. They are also requesting a fix. On May 1, 2017, Intel published the advisory INTEL-SA-00075, addressing this security issue:
Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege
Intel ID: INTEL-SA-00075
Product family: Intel® Active Management Technology, Intel® Small Business Technology, and Intel® Standard Manageability
Impact of vulnerability: Elevation of Privilege
Severity rating: Critical
Original release: May 01, 2017
Last revised: May 01, 2017
Intel says that all firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6 of Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology firmware are affected. An attacker with normal privileges can gain control of the manageability features provided by these products. Intel describes two attack scenarios:
- An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel® Active Management Technology (AMT) and Intel® Standard Manageability (ISM).
  - CVSSv3 9.8 Critical /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology (SBT).
  - CVSSv3 8.4 High /AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
More details can be found in Intel's security advisory. Intel says firmware updates are provided by OEMs.
Intel did indeed state, "This vulnerability does not exist on Intel-based consumer PCs," but that's not the whole story. AMT only functions with a number of components: a processor with vPro, a motherboard with a Q-chipset, and a server to communicate with AMT-enabled PCs. However, around half of Intel's processors are vPro-enabled, with vPro being the most important component of AMT. Q-chipset motherboards are not generally sold at computer stores, but they are available at Newegg and other vendors. And the part of the server is taken by the hacker. So a consumer can build an AMT-vulnerable PC, intentionally or otherwise. Intel has not revealed the secrets of the Q-chipset with respect to AMT, so maybe it's not insurmountable. You might find the following Intel link interesting. https://communities.intel.com/thread/104419