Intel AMT (Baseboard management controller) remote access vulnerability

For those of you with x58, x79, and x99 based platforms this vulnerability may exist on your systems. It can be mitigated by switching off remote management or by updating to a BIOS with a fix.

In summary, a remote unauthenticated attacker could gain full control of your machine.

Intel disclosure:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

Detection guide:
https://downloadcenter.intel.com/download/26755

More info:
http://mjg59.dreamwidth.org/48429.html
 
Tool says unable to determine for me - IIRC I ripped out most of the Intel management engine stuff though as it seems stupid to have that installed and running by default.
 
Ripped out? Uninstalling anything from the OS will not help, this completely bypasses any OS. You need to make sure that remote management is disabled in your BIOS if you have a system that has AMT. (Or get a BIOS update with a fix if you need to use remote management.)
 
Ah I was thinking about the Intel NIC remote access stuff - hadn't thought about what it actually was :s not sure the state on my board - no BIOS options and the tool and other methods for identifying are coming up inconclusive :|
 
Nothing related to remote management exists in my BIOS AFAIK. If it did, I'd have turned it off years ago. Never heard of AMT before either.
 
Most home systems won't be affected by this.

It's mainly present in enterprise systems - like your bank, your government, your security forces, your ISP, your email provider, your Cloud storage, etc. So don't worry - your desktop is probably safe.
 
^^ I'm using an X79 platform from when -e was aimed more at workstation/enterprise use.

End of the day my hardware firewall should prevent external attacks but having a hard time working out if my system is affected or not. Some suggestions it might be using 7.xx :|
 
Very good article by SemiAccurate:

http://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/

Seems I was mistaken in saying home users are unlikely to be affected. Apparently there is such functionality in many home systems, just not visible and without the option to turn it off. Furthermore, SA are stating fairly openly that they believe the reason this flaw is there is because US Intelligence want it to be there. They're also saying that it's very likely older board firmware won't be patched, leaving a lot of permanently vulnerable systems out there. This is pretty much all enterprise Intel systems since 2008. Apparently, despite requests, Intel refused to sell a version without this capability in it. One version allows it to be initiated over a cellular connection.
 
And yet we still have a government demanding backdoors in security suites. :rolleyes:
 
This is why the Russian military moved over to Linux based OSes, trying to build their own CPUs and using non-Intel CPUs, etc.
 
With a Home Secretary who said in interview that she was sure we had the necessary hashtags to stop terrorism, I really shouldn't be surprised at the lack of technical understanding by the Government. And yet I always am. One imagines if you gave Amber Rudd a shotgun she would instinctively point it at her own face to see what it did.

 
X99 doesn't support Intel vPro as far as I know, so I am right in saying anyone with X99 is not impacted by this?

The X99 chipset is basically the chipset you see in all current Intel servers. Whether AMT is enabled or the remote management features are enabled is down to the BIOS.

Here is the lspci output from one of my servers showing the offending controller:
# lspci|egrep -i 'mei|heci'
00:16.0 Communication controller: Intel Corporation C610/X99 series chipset MEI Controller #1 (rev 05)
00:16.1 Communication controller: Intel Corporation C610/X99 series chipset MEI Controller #2 (rev 05)
 
Based on the Semi-Accurate article I linked above, it seems to say that some chipsets might have it but simply not have an option for turning it on or off in the BIOS. However, if it is turned off it should be fine according to OP's last link.
 
Seems like my home PC is ok. Maybe because it's consumer SKU.

Based on the version of the ME, the System is Not Vulnerable.

Manufacturer: ASUS
Model: All Series
Processor Name: Intel(R) Core(TM) i7-6900K CPU @ 3.20GHz
Windows Version: Microsoft Windows 10 Pro

ME Information

Version: Unknown
SKU: Consumer
State: None Detected
Driver installation found: False
EHBC Enabled: False
LMS service state: Running
microLMS service state: NotPresent
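
Added example (not part of the thread and not Intel's code): a small triage parser for detection-tool reports in the text format pasted above, which treats a "Not Vulnerable" verdict as unverified when the report shows the tool never read the ME version or found the ME driver. The function names, status labels and triage policy are assumptions made for illustration, and the sample report is constructed from the fields shown in this post.

```python
import re

# Constructed sample, using the report layout posted in this thread.
SAMPLE_REPORT = """\
Based on the version of the ME, the System is Not Vulnerable.

Manufacturer: ASUS

ME Information

Version: Unknown
SKU: Consumer
State: None Detected
Driver installation found: False
EHBC Enabled: False
LMS service state: Running
microLMS service state: NotPresent
"""

def parse_report(text):
    """Return (verdict_line, fields) from the tool's plain-text report."""
    verdict, fields = None, {}
    for line in text.splitlines():
        line = line.strip()
        if ":" not in line and re.search(r"\bvulnerable\b", line, re.I):
            verdict = line          # free-text verdict sentence
        elif ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    return verdict, fields

def triage(text):
    """Hypothetical policy: accept a clean verdict only if the ME was actually read."""
    verdict, f = parse_report(text)
    reasons = []
    if f.get("Version", "Unknown") == "Unknown":
        reasons.append("ME version not read")
    if f.get("Driver installation found") != "True":
        reasons.append("ME driver not found")
    if verdict is None:
        return "inconclusive", reasons
    if re.search(r"\bnot vulnerable\b", verdict, re.I):
        return ("unverified" if reasons else "not-vulnerable"), reasons
    # Assumption: any other verdict sentence mentioning "vulnerable" is a positive.
    return "vulnerable", reasons
```

On the sample, `triage(SAMPLE_REPORT)` returns `unverified` with both reasons, which is the cue to confirm the AMT state in firmware setup rather than rely on the OS-side report.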
 
My Rampage V edition 10:

Based on the version of the ME, the System is Not Vulnerable.

It's more likely to be enabled on workstation class boards than gaming as the licence to use the management controller is not cheap.
 