https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/
This looks quite nasty security issue for very many PCs.
It seems that Intel has confirmed it. You can read their advisory here.
The short version is that every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME (Management Engine) not CPU firmware.
2 Comments
Tomi Engdahl says:
Intel Warns of Critical Vulnerability in Processor Firmware
http://www.securityweek.com/intel-warns-critical-vulnerability-processor-firmware
Nine-Year-Old Critical Vulnerability Affects Intel Active Management Technology
Intel issued a critical alert Monday concerning an escalation of privilege vulnerability affecting Intel Active Management Technology (AMT), Intel Small Business Technology (SBT), and Intel Standard Manageability. Firmware updates are available in all cases — but that’s not the end of the story.
While the Intel alert states, “This vulnerability does not exist on Intel-based consumer PCs,” security commentators such as Charlie Demerjian suggest “there is literally no Intel box made in the last 9+ years that isn’t at risk. This is somewhere between nightmarish and apocalyptic.” The vulnerability affects every Intel system from Nehalem in 2008 to Kaby Lake in 2017.
According to Intel, the vulnerability (CVE-2017-5689) can be accessed in two ways. Where AMT and ISM have been provisioned, an unprivileged network attacker could gain system privileges. Where not provisioned, a local attacker could provision them and gain local system privileges on AMT, ISM and SBT. Intel gives no details on the vulnerability itself.
AMT is intended to give IT departments a means to manage client systems. When enabled, packets sent to ports 16992 or 16993 are redirected through Intel’s Management Engine (a small, separate processor independent of the main CPU) and passed to AMT. The operating system never sees these packets. AMT can be used to install media, reboot the machine and more, remotely. It requires a password for access; but this vulnerability suggests that the password can be bypassed.
Tomi Engdahl says:
Is Intel’s Management Engine Broken?
http://hackaday.com/2017/05/02/is-intels-management-engine-broken/
Betteridge’s Law of Headlines states, “Any headline that ends in a question mark can be answered by the word no.” This law remains unassailable. However, recent claims have called into question a black box hidden deep inside every Intel chipset produced in the last decade.
Yesterday, on the Semiaccurate blog, [Charlie Demerjian] announced a remote exploit for the Intel Management Engine (ME). This exploit covers every Intel platform with Active Management Technology (AMT) shipped since 2008. This is a small percentage of all systems running Intel chipsets, and even then the remote exploit will only work if AMT is enabled. [Demerjian] also announced the existence of a local exploit.
https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/