Guru3D.com

Intel patches remote execution that dates back to 2008

by Hilbert Hagedoorn on: 05/02/2017 01:11 PM | 11 comment(s)

Intel has patched a remote execution bug that dates back to 2008. Millions of Intel workstation and server chips have harbored a security flaw that can potentially be exploited to remotely control and infect systems with spyware.

The news reaches us today via The Register, which covered it in depth. The bug is in Intel's Active Management Technology (AMT), Standard Manageability (ISM) and Small Business Technology (SBT) firmware versions 6 to 11.6. According to Intel, the security hole allows "an unprivileged attacker to gain control of the manageability features provided by these products."

That means it is possible for hackers to log into a vulnerable computer's hardware – right under the nose of the operating system – and silently tamper with the machine, install virtually undetectable malware, and so on, using AMT's features. This is potentially possible across the network because AMT has direct access to the computer's network hardware.

These insecure management features have been available in various, but not all, Intel chipsets for nearly a decade, starting with the Nehalem Core i7 in 2008, all the way up to this year's Kaby Lake Core parts. Crucially, the vulnerability lies at the very heart of a machine's silicon, out of sight of the operating system, its applications and any antivirus.

The programming blunder can only be fully addressed with a firmware-level update, and it is present in millions of chips. It is effectively a backdoor into computers all over the world.

The vulnerable AMT service is part of Intel's vPro suite of processor features. If vPro is present and enabled on a system, and AMT is provisioned, unauthenticated miscreants on your network can access the computer's AMT controls and hijack them. If AMT isn't provisioned, a logged-in user can still potentially exploit the bug to gain admin-level powers. If you don't have vPro or AMT present at all, you are in the clear.

Intel reckons the vulnerability affects business and server boxes, because they tend to have vPro and AMT present and enabled, and not systems aimed at ordinary folks, which typically don't. You can follow this document to check if your system is vulnerable – and you should.

Basically, if you're using a machine with vPro and AMT features enabled, you are at risk. Modern Apple Macs, although they use Intel chips, do not ship with the AMT software, and are thus in the clear.

According to Intel today, this critical security vulnerability, labeled CVE-2017-5689, was discovered and reported in March by Maksim Malyutin at Embedi. To get Intel's patch to close the hole, you'll have to pester your machine's manufacturer for a firmware update, and in the meantime, try the mitigations here. These updates, although developed by Intel, must be cryptographically signed and distributed by the manufacturers. It is hoped they will be pushed out to customers within the next few weeks. They should be installed ASAP.

"In March 2017 a security researcher identified and reported to Intel a critical firmware vulnerability in business PCs and devices that utilize Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), or Intel Small Business Technology (SBT)," an Intel spokesperson said.

"Consumer PCs are not impacted by this vulnerability. We are not aware of any exploitation of this vulnerability. We have implemented and validated a firmware update to address the problem, and we are cooperating with equipment manufacturers to make it available to end-users as soon as possible."

Specifically, according to Intel:

  • An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM).
  • An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).

Apparently, Intel's Small Business Technology is not vulnerable to privilege escalation via the network. Whether you're using AMT, ISM or SBT, the fixed firmware versions to look out for are, depending on the processor family affected:

  • First-gen Core family: 6.2.61.3535
  • Second-gen Core family: 7.1.91.3272
  • Third-gen Core family: 8.1.71.3608
  • Fourth-gen Core family: 9.1.41.3024 and 9.5.61.3012
  • Fifth-gen Core family: 10.0.55.3000
  • Sixth-gen Core family: 11.0.25.3001
  • Seventh-gen Core family: 11.6.27.3264

"The short version is that every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole," explained semiconductor industry journo Charlie Demerjian earlier today.

First of all, does your system even support AMT? AMT requires a few things:

1) A supported CPU
2) A supported chipset
3) Supported network hardware
4) The ME firmware to contain the AMT firmware

Merely having a "vPRO" CPU and chipset isn't sufficient - your system vendor also needs to have licensed the AMT code. Under Linux, if lspci doesn't show a communication controller with "MEI" or "HECI" in the description, AMT isn't running and you're safe. If it does show an MEI controller, that still doesn't mean you're vulnerable - AMT may still not be provisioned. If you reboot you should see a brief firmware splash mentioning the ME. Hitting Ctrl+P at this point should get you into a menu which should let you disable AMT.

Fixing this requires a system firmware update in order to provide new ME firmware (including an updated copy of the AMT code). Many of the affected machines are no longer receiving firmware updates from their manufacturers, and so will probably never get a fix. 
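The two checks described above (the lspci test for an MEI/HECI controller and the comparison against the fixed firmware list) can be combined into a small triage helper. This is an added example, not code from Intel or the article; the function names, the sample lspci text and the branch-matching rule are assumptions made for illustration, and the vendor advisory remains the authority on whether a given build is fixed.

```python
import re

# Fixed firmware builds per branch, copied from the list in the article.
FIXED = ["6.2.61.3535", "7.1.91.3272", "8.1.71.3608", "9.1.41.3024",
         "9.5.61.3012", "10.0.55.3000", "11.0.25.3001", "11.6.27.3264"]

def parse(version):
    """Turn 'a.b.c.d' into a tuple of ints; reject anything else."""
    if not re.fullmatch(r"\d+(\.\d+){3}", version):
        raise ValueError(f"not a four-part firmware version: {version!r}")
    return tuple(int(p) for p in version.split("."))

def firmware_status(version):
    """Classify a firmware version as 'fixed', 'vulnerable' or 'out-of-range'."""
    v = parse(version)
    # Assumption: the governing fixed build is the lowest listed one with the
    # same major version whose minor version is not below the installed one.
    branch = sorted(f for f in map(parse, FIXED)
                    if f[0] == v[0] and f[1] >= v[1])
    if not branch:
        return "out-of-range"   # outside the 6 to 11.6 range the article covers
    return "fixed" if v >= branch[0] else "vulnerable"

def has_me_interface(lspci_output):
    """True if any lspci 'Communication controller' line mentions MEI or HECI."""
    return any(re.search(r"communication controller", line, re.I)
               and re.search(r"\b(MEI|HECI)\b", line)
               for line in lspci_output.splitlines())

# Constructed sample of `lspci` output, not captured from a real machine.
SAMPLE_LSPCI = """\
00:14.0 USB controller: Intel Corporation USB 3.0 xHCI Controller
00:16.0 Communication controller: Intel Corporation CSME HECI #1
00:1f.2 SATA controller: Intel Corporation SATA Controller [AHCI mode]
"""

if __name__ == "__main__":
    print("ME interface present:", has_me_interface(SAMPLE_LSPCI))
    for fw in ("9.5.10.1000", "11.0.25.3001", "8.1.71.3608", "12.0.1.1000"):
        print(fw, "->", firmware_status(fw))
```

A present ME interface only means AMT may be running; as the text notes, it may still be unprovisioned, so treat a "vulnerable" result as a prompt to check provisioning and request the vendor's firmware update.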









chronek
Senior Member



Posts: 184
Joined: 2016-09-19

#5427111 Posted on: 05/02/2017 01:37 PM
It was not a bug, it was a feature..

Kaarme
Senior Member



Posts: 2264
Joined: 2013-03-10

#5427118 Posted on: 05/02/2017 01:45 PM
It was not a bug, it was a feature..


Only now, after all these generations, NSA and CIA finally allowed Intel to make it public and possibly offer solutions.

schmidtbag
Senior Member



Posts: 5631
Joined: 2012-11-10

#5427128 Posted on: 05/02/2017 02:04 PM
It was not a bug, it was a feature..

Agreed - just look at the phrasing of the article. It repeatedly explains how and why these are security risks but I didn't see anywhere they mentioned what these features were intended for (in a secure manner), nor are they apologetic for the security risks. At least they provided patches.

It's interesting to me how deliberate some of it was. For example the statement "If AMT isn't provisioned, a logged-in user can still potentially exploit the bug to gain admin-level powers." but honestly, how many system admins know about what AMT is and/or know they can do something about it? So basically what they're saying is "despite that we've known about this 'bug' for nearly a decade, we never told users to provision AMT nor supplied a patch to Windows to do it for you". They basically intentionally left it alone. This of course is assuming they're lying about just recently discovering this, but I've heard people complaining about the security flaws and backdoors of the Core i series a very long time ago.

SirDremor
Senior Member



Posts: 586
Joined: 2008-06-20

#5427143 Posted on: 05/02/2017 02:38 PM
Hurray! Now all those scared can un-wrap themselves from tinfoil!

Cplifj
Member



Posts: 84
Joined: 2017-05-02

#5427149 Posted on: 05/02/2017 03:04 PM
Funny thing, but my thoughts here are...

Odd that it covers the exact period of Obama reign.

Could such a thing really happen by presidential order?

The kind of thing we never hear about, since spying on everyone seems their only way to keep the power.
