Intel has just patched a vulnerability which has been open and exploitable in all its enterprise targeted Core processors – for the last nine years. Since 2008 Intel’s business-focussed PC processors have shipped with Active Management Technology (AMT), Intel Standard Manageability (ISM) and Small Business Technology (SBT) features – all useful features for remote management. However, these powerful features could be accessed by anyone with a copy of Metasploit on the same network, or from anywhere in the world if port 16992 was left accessible.
A firmware patch has been released by Intel, said to be capable of filling in the security holes left open by its enterprise remote management features. The ‘critical escalation of privilege’ vulnerability was present in firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 and allowed “an unprivileged attacker to gain control of the manageability features provided by these products”. Intel emphasises that the remote access vulnerability does not exist on Intel-based consumer PCs.
If the above vulnerability wasn’t alarming enough, Intel’s slow response to fixing a security flaw in a security feature has drawn harsh criticism from SemiAccurate’s Charlie Demerjian. The reporter explains that SemiAccurate has known about these vulnerabilities for over five years and has over this period communicated with dozens of Intel execs about the security issues – all apparently to no avail. Furthermore, it is suspected that the vulnerability is currently being actively exploited in the wild.
Now there’s a firmware security update – but it’s not a straightforward universal patch from Intel – users will have to wait for their system motherboard vendors to create a usable update. It could be that many machines with this vulnerability aren’t supported by the vendors anymore and some will never receive a fix. Those who can’t find a patch/fix for their system can download and study the Intel-SA-00075 Mitigation Guide which will help you make things secure while you await updates from your vendor(s).