Privacy and Information Security, Intel AMT Vulnerability

Critical remotely exploitable vulnerability in many commodity workstations using Intel AMT

On May 5, 2017 a critical vulnerability in Intel's Active Management Technology (AMT) was published. Intel AMT is a BIOS-level utility that enables advanced remote hardware management on enpoints. The vulnerability is an authentication-bypass which exposes an interface that can potentially be used to remotely gain hardware-level access and control of any machine featuring AMT, even if the machine is powered down in many instances. Intel AMT is most commonly used in commodity desktop hardware offered by Dell, HP, Lenovo, and others.

The issue enables remote code execution, and there exists proof-of-concept exploit code. Even though the campus firewall will mitigate some external exposure, Privacy & Security strongly recommends acting as soon as possible.

For IT pros: P
atch or follow vendor mitigation instructions for this vulnerability as soon as possible. At the time of this writing, specific patches may not be available for all affected hardware, so please check with your channel partners.

For Faculty or staff: If you have concerns on a Windows 7 or Windows 10 desktop computer, use the Intel detection tool (link provided below). Your IT support staff may approach you to evaluate or perform a fix for this on your computing hardware. If you have questions about your workstation, contact your IT Support staff.

Detection in Windows 7 or 10 can be achieved through use of Intel's AMT vulnerability detection tool:

Intel has published a Mitigation Guide:

More information:

Keywords:security, privacy, vulnerability, exposure, workstation, intel   Doc ID:73253
Owner:Chuck G.Group:University of Illinois Technology Services
Created:2017-05-11 13:40 CDTUpdated:2017-05-11 14:11 CDT
Sites:University of Illinois Technology Services
Feedback:  0   0