one of the most important points for any company is to have a solid platform of management (sea remota o no) . Intel provides this support through Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability, and the novelty is that you just corrected a bug in multiple firmware versions linked to these technologies. The problem is that vulnerability has seven years is critical, and requires a titanic effort distribute the patch.
almost a year ago we explore Intel Management Engine to the their potential as tailgate, and the risks associated with an exploit . The idea that a processor or chipset has a very low level remote administration system is a little uncomfortable, but the truth is that many companies rely on it. Well… guess what? The structure of administration of Intel has been vulnerable for seven years and maybe a little more. Intel already issued relevant patch for firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6 from its Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability technologies. The rating says it all: elevation of privilege. In theory, the bug does not reach to general consumer PCs, but the list of affected systems who published Lenovo suggests otherwise.
The good news is that the affected functions are disabled at the factory in the majority of cases, and many solutions targeted to individual users do not even allow its activation. The bad news is that with a little help of Shodan, experts have detected near 6,500 devices with the right conditions (digamos, AMT en pleno uso y los puertos 16992 y 16993 abiertos) to attack remote. Of course, anyone with physical access to a terminal could exploit vulnerability, but that would just be an item on your list. In addition to the patch, Intel shared recommendations for administrators, especially to those who work on Windows users ‘not reliable’ .
the number one suggestion is basically Verify that AMT is turned off . If that is not an option, the next step is to check for updates by the manufacturer (Intel publicó el parche para los OEM, no para los usuarios finales) however, the amount of out of warranty or with your completed extended support systems is enormous…
Leave your vote
Total votes: 1
Upvotes percentage: 100.000000%
Downvotes percentage: 0.000000%