New Intel Active Management Technology (AMT) Security Risk
Intel announced a new, critical vulnerability this week that affects nearly all business desktops and laptops that have an Intel processor capable of running Active Management Technology (AMT) or Small Business Advantage Technology. The vulnerability allows someone to bypass authentication in Intel’s remote management hardware to take over your PC. Dynamic Quest will be assisting our clients and providing services to companies that may be affected.
AMT was designed to let IT administrators remotely manage fleets of computers by doing things such as installing patches and software. What makes this vulnerability unique is it involves direct access with system hardware instead of the operating system. Unauthorized access attempts to AMT also typically are not logged making it very difficult to detect exploitation.
Intel has provided clients with a detection tool to see if this exploit vulnerability affects your system. We recommend contacting your IT department or technology provider and not perform this on your own. For IT managers, the tool is located on the Intel site here. Once you have downloaded it, decompress the zip file to a folder. Open the folder, then open its Windows sub-folder. Launch Intel-SA-00075-GUI.exe.
If the utility results in a vulnerable result, the next step is to check with your PC maker. Dell, HP, Lenovo, Fujitsu, and most major manufacturers are already working on firmware fixes. If you run a “white box” custom built PC, check with the motherboard vendor itself for firmware updates. The schedule for firmware updates for most manufacturers can be downloaded from the links below.
HP: http://www8.hp.com/us/en/intelmanageabilityissue.html
Lenovo: https://support.lenovo.com/us/en/product_security/LEN-14963
Fujitsu: http://support.ts.fujitsu.com/content/Intel_Firmware.asp
Dell: http://en.community.dell.com/techcenter/extras/m/white_papers/20443914
Need assistance? Contact us and we’ll be happy to help.
