Intel firmware: Vulnerability has threatened business PCs since 2008

Intel warns in an advisory (Intel ID: INTEL-SA-00075) of critical security vulnerabilities in the firmware of Active Management Technology (AMT), Standard Manageability (ISM) and Small Business Technology (SBT). An attacker can escalate privileges via multiple vulnerabilities and ultimately take control of the affected system. Many business platforms dating back to 2008 are affected.

According to the advisory, the vulnerabilities can be exploited in two ways. On the one hand, a remote attacker could take control of the management products Active Management Technology and Standard Manageability. Intel rated this flaw 9.8 on a scale up to 10 (CVSSv3). The second vulnerability affects Small Business Technology in addition to the two technologies mentioned. The company rated this flaw 8.4. Here, Intel warns that an unprivileged attacker may access the management features and escalate privileges on the local network or on a local system.

Firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5 and 11.6 of the three products mentioned are affected. According to Intel, versions before 6 and after 11.6 are not affected. The flaw in the Intel Management Engine therefore affects all models from Nehalem (2008) up to Kaby Lake (2017).

Intel's hardware-based management of PCs with Active Management Technology (AMT). (Picture: Thomas Krenn AG)

Intel Active Management Technology consists of hardware and firmware and allows remote out-of-band management of PCs. Systems can be monitored, maintained, repaired and upgraded via the hardware-based AMT.

“Intel therefore urgently recommends that, as a first step, the management tools mentioned be disabled,” the company explains in a PDF. As a second step, Intel recommends disabling or removing the Local Management Service (LMS). LMS listens on the Manageability Engine (ME) ports 16992, 16993, 16994, 16995, 623 and 664 and forwards the traffic to the firmware via the MEI driver.

Intel manageability firmware   Associated CPU generation   Resolved firmware (X.X.XX.3XXX)
6.0.xx.xxxx                    1st Gen Core                6.2.61.3535
6.1.xx.xxxx                    1st Gen Core                6.2.61.3535
6.2.xx.xxxx                    1st Gen Core                6.2.61.3535
7.0.xx.xxxx                    2nd Gen Core                7.1.91.3272
7.1.xx.xxxx                    2nd Gen Core                7.1.91.3272
8.0.xx.xxxx                    3rd Gen Core                8.1.71.3608
8.1.xx.xxxx                    3rd Gen Core                8.1.71.3608
9.0.xx.xxxx                    4th Gen Core                9.1.41.3024
9.1.xx.xxxx                    4th Gen Core                9.1.41.3024
9.5.xx.xxxx                    4th Gen Core                9.5.61.3012
10.0.xx.xxxx                   5th Gen Core                10.0.55.3000
11.0.xx.xxxx                   6th Gen Core                11.0.25.3001
11.5.xx.xxxx                   7th Gen Core                11.6.27.3264
11.6.xx.xxxx                   7th Gen Core                11.6.27.3264
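
The version table above can be applied to a firmware inventory as follows. This is an added example, not code from the original article or from Intel; the function names, the sample hosts and the rule that a version at or above the listed resolved build counts as resolved are assumptions.

```python
# Added example: triage ME firmware versions against the table above.
# Assumption: a version at or above the listed resolved build (compared
# field by field) counts as resolved; Intel's advisory stays authoritative.
# (major, minor) firmware branch -> resolved firmware, copied from the table.
RESOLVED = {
    (6, 0): "6.2.61.3535", (6, 1): "6.2.61.3535", (6, 2): "6.2.61.3535",
    (7, 0): "7.1.91.3272", (7, 1): "7.1.91.3272",
    (8, 0): "8.1.71.3608", (8, 1): "8.1.71.3608",
    (9, 0): "9.1.41.3024", (9, 1): "9.1.41.3024", (9, 5): "9.5.61.3012",
    (10, 0): "10.0.55.3000", (11, 0): "11.0.25.3001",
    (11, 5): "11.6.27.3264", (11, 6): "11.6.27.3264",
}

def parse(version):
    """Turn 'major.minor.hotfix.build' into a tuple of four ints."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"not a four-part firmware version: {version!r}")
    return tuple(int(p) for p in parts)

def classify(version):
    """Return (status, resolved_firmware_or_None) for one version string."""
    v = parse(version)
    branch = v[:2]
    if branch < (6, 0) or branch > (11, 6):
        return "not affected", None    # before 6 or after 11.6
    fixed = RESOLVED.get(branch)
    if fixed is None:
        return "unknown branch", None  # inside the range, absent from table
    if v >= parse(fixed):
        return "resolved", fixed
    return "vulnerable", fixed

def triage(inventory):
    """Map host -> classification; bad version strings are flagged, not dropped."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = ("invalid version", None)
    return report

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"pc-01": "9.1.32.1002", "pc-02": "11.6.27.3264",
          "pc-03": "5.2.0.1008", "pc-04": "8.1.x.1234"}
```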

Google security expert Matthew Garrett explained to ZDNet.com that users should ensure that AMT is disabled: “To fix this flaw, a firmware update is needed that brings new Management Engine firmware along with an updated version of the AMT code. Many of the affected systems, however, are no longer supplied with firmware updates by their manufacturers and are therefore likely never to get a fix.” Therefore, anyone who has activated AMT on one of their machines is vulnerable to this flaw.

Firmware updates are also often not marked as security-relevant and are not distributed via Windows Update. As a result, users are not informed even when a manufacturer has an update available, and usually do not install it.

However, only systems equipped with Intel's vPro technology are affected. This is generally the case only for business machines. According to Intel, the flaw was discovered by Maksim Malyutin of Embedi, while a team at SemiAccurate says it discovered the flaw five years ago.

[With material from Martin Schindler, silicon.de]
