Intel patches security vulnerability that's existed for nearly a decade

Shawn Knight


Intel has finally patched a security vulnerability that has existed in many of its chips since the days of Nehalem in 2008 all the way through 2017’s Kaby Lake.

In an advisory published May 1, Intel describes the vulnerability as an elevation of privilege type with a critical severity rating.

It is found in Intel Active Management Technology (AMT), Intel Standard Manageability (ISM) and Intel Small Business Technology firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5 and 11.6 and can allow an attacker to “gain control of the manageability features provided by these products.”

Specifically, Intel says there are two ways the vulnerability can be accessed:

  • An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel® Active Management Technology (AMT) and Intel® Standard Manageability (ISM) (CVSSv3 9.8 Critical /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
  • An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology (SBT) (CVSSv3 8.4 High /AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

SemiAccurate, which says it has been pestering Intel to fix the issue for “literally years,” claims there is literally no Intel box made in the last 9+ years that isn’t at risk, although Intel specifically states that “this vulnerability does not exist on Intel-based consumer PCs.”

Intel recommends looking over this document to determine if you have an AMT, SBA or ISM-capable system and this guide to see if your system has the impacted firmware.


 
Well I suppose better late than never .... but they certainly took their sweet time getting around to it ....
 
That's all good and well but the problem lies in the microcode of the chips. How does the user go about fixing that? I suppose they'll have to wait for a BIOS update for their mobos and if they're two years or older... good luck getting that.
 
I've always had a feeling that this feature is a major security disaster.
It's always default enabled and accessible.
I usually try to disable it if I can.
Just scanned my Lenovo Thinkpad T530 and sure it's vulnerable.
I'm supposed to be able to enter the MEBx menu by pressing "CTRL + P" when the BIOS is set to diagnostic boot mode and during POST shows the ME version details.
But it just does not work, wonderful!

Now whether that is because I use an ATA password on my mSATA SSD or some other obscure reason I really don't know!
 
I just got tasked with researching this in our workplace. Looks like there is an AMT SDK that gets you access to a scanning tool and PowerShell modules. I have to search and patch 1100 endpoints =/
 
How about something simple like you go to an Intel CPU vulnerability web site, click a button and it tells you your CPU is one that is problematic. Click again and get it fixed. And we await the class-action lawsuits...
 
Fixes released for a lot of Lenovo systems now, including my T530 at the link above.
Installed it without issue, but was surprised that it's not a BIOS update.
But an update specifically for the ME firmware.
I already had the latest BIOS but the ME firmware was from 2012-09-24 (first release).
Actually when I was poking around inside the BIOS of a Lenovo T540p I found a lot of scary references to SHA1.
Looking at the changelog that was fixed about a year ago.
And before that in December 2014 they removed SSL3 support due to the POODLE vulnerability!
Just crazy to have this deep level firmware management "backdoor" and that it's by default enabled and very difficult to disable!
 