Windows Enterprise Desktop

May 10 2017   3:56PM GMT

Intel AMT Exploit Needs Attention

Ed Tittel


On Monday, a piece in ZDNet attracted my attention and interest. Shortly thereafter, it also generated some local alarms on four of my systems. The title of that piece says it all: “Intel chip vulnerability lets hackers easily hijack fleets of PCs” (emphasis mine). Alas, it seems an Intel AMT exploit needs attention in businesses of all sizes that run Intel-based PCs of “a certain age.” In this case, AMT stands for Active Management Technology. As it happens, AMT lets IT admins perform remote maintenance/update tasks, including wiping hard disks.

AMT can, in the words of the ZDNet story, allow an administrator “to remotely control the computer’s keyboard and mouse, even if the PC is powered off.” Such godlike powers need strong controls that turn out to be MIA. In fact, security researchers discovered that a blank password gets anybody into the Web interface for AMT. That gives them the ability to do whatever they want to entire fleets of PCs. The best fix turns out to be disabling AMT altogether. Admins must thus forgo its administrative conveniences to avoid potentially catastrophic compromises. Find all the details in this Intel security advisory on Exploit Intel-SA-00075.

How to tell if the Intel AMT exploit needs attention on your PCs

Fortunately, Intel has also released a detection tool to tell you if your PCs are vulnerable to this exploit or not. That said, only operations that use AMT are subject to this vulnerability. Thus if your business hasn’t turned on AMT, it can’t be compromised through AMT, either. Download the Detection Guide from the Intel Download Center and you’ll be able to tell if your PCs are vulnerable or not. I ran it on my 8 PCs here at the house, and learned that half of them are potentially vulnerable to this exploit. But I don’t run AMT, so that vulnerability cannot currently be exploited.

If a PC is vulnerable, here’s what the output from that Detection tool looks like:

[Screenshot: Intel detection tool output on a vulnerable PC]

To check your systems, run the detection tool and see if the word Vulnerable pops up in RED. Unaffected systems will report Not Vulnerable in GREEN.

From what I can glean from the Intel advisory, other coverage, and my own experience, Intel PCs built from 2010 through 2014 are likely to be affected. Thus all of my older systems were affected. These included:

  • my wife’s Ivy Bridge dual core i7 mini-ITX box
  • my son’s Haswell quad core i7 Dell XPS27 All-in-one
  • my two Lenovo Sandy Bridge dual core i7 laptops

None of my newer systems fell prey, however:

  • the Surface Pro 3 i7 (Haswell i7-4650U)
  • my Dell Venue Pro 11 7139 (i5-4210Y)
  • my production desktop PC (i7 6700)
  • my Insider test desktop (i7 4770K)

I suspect many business PCs will be subject to the AMT vulnerability. For those organizations using AMT, turning it off for the time being is an essential step to regaining control over their PC fleets. Don’t delay in taking that step, please!
