Intel Finally Squashes Decade-Old Remote Code-Execution AMT Bug In Processor Platforms

Some things are better late than never, right? Chicago Cubs fans who watched their team win the World Series last year can certainly attest to that, but it does not only apply to sports. Case in point, Intel has finally plugged a security hole that affects every Intel platform with Active Management Technology (AMT), Intel Standard Manageability (ISM), and Small Business Technology (SBT) from Nehalem in 2008 on up to present day Kaby Lake.

The good news here is that Intel-based consumer PCs are completely unaffected by this bug. However, business customers who own PCs with vPro processors often use these technologies for remote administration purposes, and for them this is a serious bug. Or "critical," as Intel rates it, as it opens the door for an unprivileged attacker to gain control of the manageability features provided the aforementioned products.


Intel notes two ways the vulnerability might be access:
  1. An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM).
    *CVSSv3 9.8 Critical /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  2. An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel Small Business Technology (SBT).
    *CVSSv3 8.4 High /AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
This flaw affects Intel manageability firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6 for Intel's AMT, SBT, and ISM platforms. Versions before 6 or after 11.6 are not impacted.

There is some debate over the actual real-world implications of this bug. SemiAccurate said it's been aware of the bug for a long time and that what it discovered "was scary on a level that literally kept us up at night." It couldn't publish the information it found for fear that it would be immediately exploited by attackers, but was persistent in reminding Intel that it had a serious flaw on its hands.

The threat here is that a hacker could access a vulnerable PC's hardware and install malware or otherwise wreak havoc, all without the operating system or antivirus software noticing that something is awry. Since AMT has direct access to a computer's network hardware, a hacker could conceivably hijack every PC on the network.

Issuing a patch would normally make this a moot point, though this is not a Windows Update that gets automatically dole out. Instead, it is up to PC makers to release the fix through a firmware upgrade. Those who choose not to for whatever reason leave their customers at risk.