Intel AMT (Baseboard management controller) remote access vulnerability

[HazardO]

For those of you with x58, x79, and x99 based platforms this vulnerability may exist on your systems. It can be mitigated by switching off remote management or by updating to a BIOS with a fix.

In summary, a remote unauthenticated attacker could gain full control of your machine..

Intel disclosure:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

Detection guide:
https://downloadcenter.intel.com/download/26755

More info:
http://mjg59.dreamwidth.org/48429.html

 

[HazardO]

Ripped out? Uninstalling anything from the OS will not help, this completely bypasses any OS. You need to make sure that remote management is disabled in your BIOS if you have a system that has AMT. (Or get a BIOS update with a fix if you need to use remote management.)

 

[HazardO]

X99 doesn't support Intel vPro as far as I know, so I am right in saying anyone with X99 is not impacted by this?

x99 chipset is basically the chipset you see in all current intel servers. Whether AMT is enabled or the remote management features enabled is down to the BIOS.

Here is the lspci output from one of my servers showing the offending controller..
# lspci|egrep -i 'mei|heci'
00:16.0 Communication controller: Intel Corporation C610/X99 series chipset MEI Controller #1 (rev 05)
00:16.1 Communication controller: Intel Corporation C610/X99 series chipset MEI Controller #2 (rev 05)

 

[HazardO]

My Rampage V edition 10:

Based on the version of the ME, the System is Not Vulnerable.

It's more likely to be enabled on workstation class boards than gaming as the licence to use the management controller is not cheap.