Posted on Friday, May 05 2017 @ 20:33 CEST by Thomas De Maesschalck
Earlier this week I reported about
a 10-year old security bug in Intel's processors that finally got patched. This bug affects the Intel Active Management Technology (AMT), Intel Standard Manageability (ISM) or Intel Small Business Technology (SBT) and does not really concern consumers as these technologies are primarily used by corporations. Intel just released a new bulletin with some more information:
On May 1, Intel published a security advisory regarding a firmware vulnerability in certain systems that utilize Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM) or Intel® Small Business Technology (SBT). The vulnerability could enable a network attacker to remotely gain access to business PCs or devices that use these technologies.
The security and confidence of the people and businesses who use Intel products and technologies are paramount to us, and we are doing everything we can to address the situation as quickly as possible.
We have implemented and validated a firmware update to address the problem and we are collaborating with computer-makers to facilitate a rapid and smooth integration with their software. We expect computer-makers to make updates available beginning the week of May 8 and continuing thereafter.
Until firmware updates are available, we urge people and companies using business PCs and devices that incorporate AMT, ISM or SBT to take the following steps to maintain the security of their systems and information:
Identifying vulnerable systems
On May 4, we released a downloadable discovery tool that will analyze your system for the vulnerability. IT professionals who are familiar with the configuration of their systems and networks can use this tool, or can see our security advisory for full details on vulnerability detection and mitigation.
Business PCs and workstations are sometimes used by consumers and small businesses. If you are not an IT professional or unsure if your system is among those affected, you can still download and run the discovery tool. Instructions for using the tool can be downloaded from the same page.
Consumer PCs with consumer firmware and data center servers using Intel® Server Platform Services are not affected by this vulnerability.
Securing vulnerable systems
If the discovery tool reports a vulnerability or is unable to determine if a system is vulnerable, we recommend taking steps to secure your system as soon as possible.
Until firmware updates are available, systems administrators can take the mitigation steps detailed in the mitigation guide published under our security advisory. Please note that capabilities and features provided by AMT, ISM and SBT will be made unavailable by these mitigations.
Consumers or others who need support securing vulnerable systems can contact Intel Customer Support. Online support is available at http://www.intel.com/supporttickets. To contact Intel Customer Support by phone in the U.S., Canada or Latin America, call (916) 377-7000. Europe, Middle East and Africa support phone numbers can be found on Intel's support website. Asia Pacific support phone numbers can be found on Intel's Asia support site.
