This article was published on May 2, 2017

Intel patched a nine-year-old vulnerability that allowed remote control of enterprise PCs


Intel patched a nine-year-old vulnerability that allowed remote control of enterprise PCs

Silicon manufacturing giant Intel has come under fire after it’s emerged that the company had sold workstation and server chips with a flaw that could see a remote attacker gain absolute control over the machine.

The bug is found in Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology firmware versions 6.x to 11.6. If exploited, it could give an attacker near-unfettered access to the targeted machine.

AMT is a management tool that allows an authorized user to remotely manage a machine, giving serial access, and with the right drivers, it can offer a remote-desktop experience.

Typically, AMT requires the user to authenticate with a password – but this vulnerability essentially circumvents that process, giving the keys to the kingdom to anyone with a copy of Metasploit.

If the computer is on a misconfigured network where network port 16992 is accessible to the outside world, it means that anyone sitting anywhere in the world can take advantage of these features. Even if that isn’t the case, someone could attack it from within the network.

Perhaps the most troubling facet of this saga is that the bug – which mercifully, isn’t found in consumer Intel chips – remained undetected for almost nine years. Intel has been selling vulnerable silicon for almost a decade. There must be, quite literally, hundreds of millions of computers at risk.

And given the chips are used overwhelmingly on corporate machines, it means the risk those machines are holding sensitive information is amplified significantly.

Charlie Demerjian, writing on semiconductor industry blog SemiAccurate said, “the short version is that every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole.”

He added, “even if your machine doesn’t have SMT, ISM, or SBT provisioned, it is still vulnerable, just not over the network.”

This is bad. As a temporary stop-gap measure, you’re best checking out the mitigation guide which Intel has released in response to this major security SNAFU.

The only real fix is a firmware update issued by Intel, which manufacturers are to push downstream to users. Given the glacial pace at which computer manufacturers move, this might take a while. And if your machine is manufactured by a no-name, budget computer maker, you might as well forget about it.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with