If you are using Intel’s vPro chips from 2010 to its latest Kaby Lake and have Intel active management technology (AMT) enabled hackers could breach your networks.
Intel has released an updated version of its Intel SCS – System Discovery utility to help enterprise users to identify Firmware version and Intel manageability SKU of a system to help in determining if a system is vulnerable to a now known privilege escalation issue. It relates to the use of AMT and Intel’s Small Business Advantage solutions – it is not really a CPU issue.
Intel says there is an escalation of privilege vulnerability in Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products. This vulnerability does not exist on Intel-based consumer PCs – only those with vPro processors and AMT enabled.
Intel acknowledges the work of Maksim Malyutin from Embedi for reporting this issue and working with it on coordinated disclosure.
{loadposition ray}
At present, there are no reported exploits of this vulnerability but IT Admins will need to patch very quickly – the time from announcement to exploitation is measured in hours. It shows that servers directly connected to the internet, even for remote administration that firewalls allow, are not a great idea.
This vulnerability gives extremely low-level OS access to the network. While it affects Windows-based machines Arstechnica has stated that Macs using vPro chips and running OSX may also be affected as well. In many cases it will require a firmware update from the computers manufacturer.