CHIPMAKER Intel has issued a firmware upgrade to patch a security flaw that has been present in a number of the company’s enterprise PCs since 2008.
The flaw affects the company’s Active Management Technology (AMT), Intel Standard Manageability (ISM) and Small Business Technology (SBT) features, which all form part of the company’s suite of microprocessor features included with enterprise PCs – but home PCs may also be affected.
According to SemiAccurate: “every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the Management Engine (ME) not CPU firmware… from what SemiAccurate gathers, there is literally no Intel box made in the last nine-plus years that isn’t at risk”.
The specialist chip website that it has been aware of the flaw for five years, but claims it didn’t publish its findings because the implications were so far-reaching.
“The problem is quite simple, the management engine (ME) controls the network ports and has DMA access to the system.
“It can arbitrarily read and write to any memory or storage on the system, can bypass disk encryption once it is unlocked (and possibly if it has not, SemiAccurate hasn’t been able to 100 per cent verify this capability yet), read and write to the screen, and do all of this completely unlogged.
“Due to the network access abilities, it can also send whatever it finds out to wherever it wants, encrypted or not,” claims SemiAccurate.
These features were designed to enable centralised IT organisations to more easily manage their fleet of PCs and laptops.
SemiAccurate has conjectured that the only reason why Intel has decided to patch the security flaw is either because it has found evidence of it being exploited in the wild, or because “an affected party” leveraged their influence with Intel to persuade them to do something about it.
According to the report, the good news is that the flaw is only exploitable if AMT is switched on, although it remains “locally exploitable” (presumably by switching it on directly).
For organisations that do make use of AMT, the workaround is cumbersome: while it can be switched off remotely, re-activating will require manual intervention, if there is a patch available for the particular machine.
“Because SemiAccurate strongly suspects this vulnerability is being exploited in the wild [now] … you should take the official mitigation steps as soon as possible. Then contact your OEMs and strongly suggest that firmware patches for every system, including-out-of warranty systems, would be appreciated by you.
“Then go over every embedded Intel board with a fine-toothed comb. Remember, it is every Intel system from Nehalem in 2008 to Kaby Lake in 2017, ME firmware version from 6.0-11.6. If you have or suspect you have these, act now.” µ
Save this article