igor - Fotolia
Intel urges business to patch critical remote-execution flaw
Intel advises business customers to apply a security update for some versions of its administration firmware for vPro processors to fix a remote execution flaw
Intel issued a firmware update to fix a critical flaw in remote management features that could be exploited by attackers to take full control of computers on vulnerable networks.
The vulnerability has existed for almost a decade in Intel’s Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability firmware.
Business customers use those services to track, manage and secure computers running Intel vPro processors, but the flaw does not affect chips in consumer PCs, Intel said in an advisory.
All versions of the firmware from version 6 up to and including version 11.6 are affected, but all versions before 6 and after 11.6 are not affected.
Intel advised businesses that use any of the affected firmware to check if their version is vulnerable using Intel’s system discovery utility.
Vulnerable firmware should be updated, the advisory said, but if a firmware update is not available from a company’s supplier, Intel has outlined some mitigations such as disabling or removing a Windows service called Local Manageability Service.
According to the advisory, there are two ways the vulnerability could be exploited by attackers.
First, an unprivileged network attacker could gain system privileges to Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM), but not Small Business Technology.
Second, an unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability to all vulnerable versions of firmware.
Read more about firmware vulnerabilities
- Most businesses vulnerable to cyber attacks through firmware, study shows
- An Android backdoor was discovered in the Ragentek firmware used in almost three million low-cost devices
- Fast pace of IoT firmware updates challenges developers.
Intel reportedly said it was notified of the vulnerability by security researcher in March 2017, but the company was not aware of any exploitation of the vulnerability.
Commenting on the severity of the flaw in Intel’s Active Management Technology (AMT), developer Matthew Garrett said only businesses that have explicitly enabled AMT are at risk.
“The drivers that allow local users to provision the system would require administrative rights to install, so as long as you don’t have them installed then the only local users who can do anything are the ones who are admins anyway,” he said in a blog post.
Garrett said this mean every Intel system built since 2008 can be taken over by hackers because most Intel systems do not have AMT and most Intel systems with AMT do not have it turned on.
However, he said this is still “a big deal” because fixing it requires a system firmware update, and many of the affected machines are no longer receiving firmware updates from their manufacturers, which means anyone who ever enables AMT on one of these unpatched devices will be vulnerable.
Garrett believes users should have full control over what is running on their systems. “Leaving firmware updates at the whims of hardware manufacturers who will only support systems for a fraction of their useful lifespan is inevitably going to end badly,” he said.