An Intel-published advisory reveals a bug in its Active Management Technology that lets attackers gain full control of PCs on vulnerable networks. The exploit has been undetected for almost nine years and puts millions of business computers at risk.
“There is an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products. This vulnerability does not exist on Intel-based consumer PCs,” explained Intel on Monday.
Researchers have been investigating the security hole and what it means for businesses. Reports so far suggest that the issue is only present when Intel AMT is enabled and provisioned inside a network.
Local Manageability Service
Others suggest that Microsoft Windows Local Manageability Service must be running for the exploit to work. Speaking to ARS Technica, Atredis Partner’s HD Moore said:
“It sounds like its only remotely exploitable if the LMS service is running on the affected system (even if AMT is enabled, LMS is the network vector). Only servers running that service (vs. desktop PCs) with the port reachable are exposed to remote code execution.”
Though it’s still a significant issue, especially due to the time period, this limits the number of vulnerable servers. Moore’s Shodan query revealed less than 7,000 servers vulnerable to the exploit worldwide. Of course, thousands of PCs could connect to those servers, and would also be in trouble.
Affected users are told to follow the mitigation guide as a temporary measure, before installing the latest Intel firmware update. You can find out if you’re affected via Intel’s detection guide.