Intel issued a firmware update to fix a critical flaw in remote management features that could be exploited by attackers to take full control of computers on vulnerable networks.
The vulnerability has existed for almost a decade in Intel’s Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability firmware.
All versions of the firmware from version 6 up to and including version 11.6 are affected; versions before 6 and after 11.6 are not.
Vulnerable firmware should be updated, the advisory said, but if a firmware update is not available from a company’s supplier, Intel has outlined some mitigations such as disabling or removing a Windows service called Local Manageability Service.
According to the advisory, there are two ways the vulnerability could be exploited by attackers.
First, an unprivileged network attacker could gain system privileges to Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM), but not Small Business Technology.
Second, an unprivileged local attacker could provision manageability features, gaining unprivileged network or local system privileges on Intel manageability in all vulnerable versions of firmware.
Intel reportedly said it was notified of the vulnerability by a security researcher in March 2017, but the company was not aware of any exploitation of the vulnerability.
Commenting on the severity of the flaw in Intel’s Active Management Technology (AMT), developer Matthew Garrett said only businesses that have explicitly enabled AMT are at risk.
“The drivers that allow local users to provision the system would require administrative rights to install, so as long as you don’t have them installed then the only local users who can do anything are the ones who are admins anyway,” he said in a blog post.
Garrett said this does not mean every Intel system built since 2008 can be taken over by hackers, because most Intel systems do not have AMT and most Intel systems with AMT do not have it turned on.
However, he said this is still “a big deal” because fixing it requires a system firmware update, and many of the affected machines are no longer receiving firmware updates from their manufacturers, which means anyone who ever enables AMT on one of these unpatched devices will be vulnerable.
Garrett believes users should have full control over what is running on their systems. “Leaving firmware updates at the whims of hardware manufacturers who will only support systems for a fraction of their useful lifespan is inevitably going to end badly,” he said.