Intel has finally patched a security vulnerability that has existed in many of its chips for nearly a decade
Over the last decade or so, Intel has dedicated enormous efforts to the security of their microcontrollers. For Intel, this is the only logical thing to do; you really, really want to know if the firmware running on a device is the firmware you want to run on a device. Intel’s first efforts toward cryptographically signed firmware began in the early 2000s with embedded security subsystems using Trusted Platform Modules (TPM). These small crypto chips, along with the BIOS, form the root of trust for modern computers. If the TPM is secure, the rest of the computer can be secure, or so the theory goes. The TPM model has been shown to be vulnerable to attack, though. Intel’s solution was to add another layer of security: the (Intel) Management Engine (ME). Extremely little is known about the ME, except for some of its capabilities. The ME has complete access to all of a computer’s memory, its network connections, and every peripheral connected to a computer. It runs when the computer is hibernating, and can intercept TCP/IP traffic. Own the ME and you own the computer.
In an advisory published May 1, Intel describes the vulnerability as an elevation-of-privilege issue with a critical severity rating. It is found in Intel Active Management Technology (AMT), Intel Standard Manageability (ISM) and Intel Small Business Technology firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5 and 11.6 and can allow an attacker to “gain control of the manageability features provided by these products.”
Specifically, Intel says there are two ways the vulnerability can be accessed:
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel® Active Management Technology (AMT) and Intel® Standard Manageability (ISM) (CVSSv3 9.8 Critical /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology (SBT) (CVSSv3 8.4 High /AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Many of you have already expressed your displeasure over Intel's Active Management Technology (AMT) and Management Engine (ME) for various reasons in the past, and now it's been disclosed that for years there has been a vulnerability in this business-oriented feature that could open your Intel systems up to attackers. Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability are subject to a hole allowing an unprivileged attacker to gain control of the management features for these products. The issue was made public today via INTEL-SA-00075. For those with AMT enabled on their systems, it can affect supported processors going back to 2008 when AMT6 debuted -- thus the vulnerability covers CPUs from Nehalem to Kaby Lake.
Intel recommends looking over this document to determine if you have an AMT, SBA or ISM-capable system and this guide to see if your system has the impacted firmware. http://www.intel.com/content/dam/support/us/en/documents/technologies/intel%20amt%20%20security%20best%20practice%20qa.pdf