Intel’s business processors have had serious leaks since 2008

Intel’s Active Management Technology contains serious vulnerabilities that allow attackers to use its management features to gain access to entire systems and networks. The vulnerabilities are in firmware versions from 2008.

Intel warns of vulnerabilities in Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology. The vulnerability is in firmware versions from 6.x of the Nehalem generation of processors up to and including 11.6 from Kaby Lake. Attackers can gain access to AMT, ISM, and ISB management functions through the vulnerability, and use this low-level management to undetected control entire systems and networks.

The vulnerable management features are part of Intel’s vPro platform for business processors. Intel’s consumer chips are not affected by the leak, according to the maker. The CPUs of, among other things, company PCs, business laptops, workstations, NAS systems, servers, etc., can be affected, provided they are supplied with AMT. The company has released a guide explaining how users can use a detection tool to find out if a system has a business processor with AMT.

The firmware vulnerability, labeled CVE-2017-5689, was discovered in March by Embedi researcher Maksim Malyutin. New firmware versions should fix the problem. Intel refers to the OEMs for this, which gives the updated firmware version names with the last four-digit number starting with a ‘3’, à la XXXX.3XXX. Intel is working with system builders to provide new firmware as soon as possible. Alternatively, Intel describes in a document how users themselves can prevent the vulnerability from being exploited, including by disabling the Local Manageability Service and setting certain restrictions for local management.

The security and integrity of Intel’s AMT has been questioned for some time, partly because Intel keeps the code for the Intel Management Engine subsystem closed.