Intel AMT/ISBT/ISME critical remote exploit

daPhoenix

This isn't so much of interest to normal users as it is to business / admins, so if you aren't one, you are most likely not interested - but I'd think Shadow and others who have large networks to take care of should check this out:

Remote security exploit in all 2008+ Intel platforms
Updated: Nehalem through Kaby all remotely and locally hackable

May 1, 2017 by Charlie Demerjian

Every Intel platform from Nehalem to Kaby Lake has a remotely exploitable security hole. SemiAccurate has been begging Intel to fix this issue for literally years and it looks like they finally listened.

Update May 1, 2017 @ 3:35pm: Intel just confirmed it, but not to SemiAccurate. You can read their advisory here.

The short version is that every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME (Management Engine), not CPU firmware. If this isn’t scary enough news, even if your machine doesn’t have AMT, ISM, or SBT provisioned, it is still vulnerable, just not over the network. For the moment. From what SemiAccurate gathers, there is literally no Intel box made in the last 9+ years that isn’t at risk.

This is somewhere between nightmarish and apocalyptic.

Source: https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/

Summary:
There is an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products. This vulnerability does not exist on Intel-based consumer PCs.

Description:
There are two ways this vulnerability may be accessed; please note that Intel® Small Business Technology is not vulnerable to the first issue.

An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel® Active Management Technology (AMT) and Intel® Standard Manageability (ISM).
CVSSv3 9.8 Critical /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology (SBT).
CVSSv3 8.4 High /AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products:
The issue has been observed in Intel manageability firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6 for Intel® Active Management Technology, Intel® Small Business Technology, and Intel® Standard Manageability. Versions before 6 or after 11.6 are not impacted.

Source: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

TLDR; All Intel platforms are affected by a privilege exploit that allows bypassing ALL security measures (excluding encryption if the system is not active) and gives unmitigated access to everything, bypassing all virus, security, intrusion and other mitigation methods.
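
A first-pass fleet triage built from the version ranges and the two access paths in the advisory text quoted above, as an added example that is not part of the original post or Intel's advisory. The host names, inventory columns, verdict labels and sample firmware versions are constructed for illustration.

```python
import csv
import io

# Bounds taken from the quoted advisory text:
# "Versions before 6 or after 11.6 are not impacted."
AFFECTED_MIN = (6, 0)
AFFECTED_MAX = (11, 6)
NETWORK_SKUS = {"AMT", "ISM"}        # SBT is not vulnerable to the first (network) issue
LOCAL_SKUS = {"AMT", "ISM", "SBT"}   # the second (local) issue covers all three

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = """host,sku,fw_version,provisioned
ws-001,AMT,11.6.1.1142,yes
ws-002,AMT,9.5.22.1760,no
ws-003,SBT,10.0.30.1054,yes
srv-01,ISM,5.2.0.1009,yes
ws-004,AMT,11.7.0.1000,yes
ws-005,AMT,unknown,no
"""

def in_affected_range(fw_version):
    """True/False by major.minor; None when the version cannot be parsed."""
    parts = fw_version.strip().split(".")
    try:
        major, minor = int(parts[0]), int(parts[1])
    except (IndexError, ValueError):
        return None
    return AFFECTED_MIN <= (major, minor) <= AFFECTED_MAX

def classify(sku, fw_version, provisioned):
    """Map one inventory row to the advisory's network or local path."""
    affected = in_affected_range(fw_version)
    if affected is None:
        return "unknown-version"      # needs manual follow-up, do not assume safe
    sku = sku.strip().upper()
    if sku not in LOCAL_SKUS:
        return "unknown-sku"
    if not affected:
        return "not-in-range"
    if provisioned and sku in NETWORK_SKUS:
        return "network-9.8"          # CVSSv3 9.8 path: provisioned AMT/ISM
    return "local-8.4"                # CVSSv3 8.4 path: AMT/ISM/SBT

def triage(inventory_text):
    rows = csv.DictReader(io.StringIO(inventory_text))
    return {r["host"]: classify(r["sku"], r["fw_version"],
                                r["provisioned"].strip().lower() == "yes")
            for r in rows}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host:8} {verdict}")
```

The check uses only the major.minor ranges quoted above; the page gives no fixed build numbers, so a host flagged here still needs its exact build compared against the vendor's firmware update.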