Recently there has been a wave of news and comments on Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege - INTEL-SA-00075 (CVE-2017-5689). Maksim Malyutin, a member of our Embedi research team, was the first to discover this vulnerability.
Ever since the news was released, some media outlets have circulated a lot of disinformation presented as “fact”, along with a tremendous number of baseless assumptions.
Intel representatives have asked Embedi to hold off on disclosing any technical details regarding this issue until further notice. The vulnerability is a serious threat, and putting measures in place to prevent exploitation is a time-consuming process for users: time-consuming, but necessary.
- The systems affected by this vulnerability date from 2010-2011 (not 2008, as was mentioned in some of the comments), because Intel manageability firmware version 6.0 and above was made no earlier than 2010;
- Intel systems (such as PCs, laptops and servers) with the Intel AMT feature enabled are exposed to possible remote attack;
- With 100 percent certainty, it is not an RCE but rather a logic vulnerability;
- There are several vectors for exploiting the vulnerability and several possible attacker modi operandi;
- There is also a chance of attacks on Intel systems without Intel AMT support.
We do hope that the cybersecurity community is wise and takes this issue seriously.
The “INTEL-SA-00075 Mitigation Guide” is a must-read. It is also important to note the difficulties with firmware patching, which is needed to mitigate this vulnerability. Firmware patches take an extremely long time to test before they are deployed to all users.