<img alt="" src="https://secure.hims1nice.com/151009.png" style="display:none;">
" style="background-color: #2c3e50;">
 

News

Intel Security Alert [How fast can you patch?]

Posted by Joe Kipp on May 11, 2017 12:13:57 PM
Joe Kipp
Find me on:

Intel Security Alert

Newly discovered flaw in Intel’s Active Management Technology (AMT) firmware is worse than previously thought.

 

Intel announced on May 1st that there is a security flaw in their ADM firmware that has existed for the last ten years.  Reports indicate that this flaw can allow a remote attacker to take control of vulnerable systems without having to enter a password.

Intel is reporting that Firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 are affected.  Chips running firmware versions prior to 6 and after 11.6 do not have the vulnerability. Intel also notes that "this vulnerability does not exist on Intel-based consumer PCs."  Intel has rated the flaw (designated CVE-2017-5689) as "critical."  Intel recommends all business customers immediately assess whether they have devices with the vulnerable vPro processors and if so, to patch them immediately.

 

What does this mean for you?

Well if you have a vPro laptop (i.e. most commercial laptops), then you probably have the flaw.

 

For more information on the flaw, please see: Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege - https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

 

Intel has released a tool to determine if you are vulnerable:  INTEL-SA-00075 Detection Guide - https://downloadcenter.intel.com/download/26755

 

If you are vulnerable, here’s how Intel says to temporally address it until your vendor has a fix:  INTEL-SA-00075 Mitigation Guide - https://downloadcenter.intel.com/download/26754

 

It looks like Lenovo, HP and Fujitsu have a download available. 

 

Dell will start releasing updates on May 17th.  

 

Here are links to the vendor responses:

 

Dell Client Statement on Intel AMT Advisory (INTEL-SA-00075) - http://en.community.dell.com/techcenter/extras/m/white_papers/20443914/download

Dell/EMC’s Statement on affected servers (PowerEdge T-20 & T30) Can be found here - http://en.community.dell.com/techcenter/extras/m/white_papers/20443937/download

HP HPSBHF03557 rev. 5 - Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Remote Privilege Escalation - http://www8.hp.com/us/en/intelmanageabilityissue.html

Lenovo - Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Remote Privilege Escalation - https://support.lenovo.com/us/en/product_security/len-14963

Fujitsu - Advisory note: Intel Firmware vulnerability - http://support.ts.fujitsu.com/content/Intel_Firmware.asp

 

If you need help, please reach out. We can be of assistance!


Will you be ready when disaster strikes? 
You can't miss our Free Webinar:
"Disaster Recovery: Backups are Not Enough"

May 25th @ 10am

 

Register for this Webinar

 

 

Topics: Security, Business Continuity

KiZAN 30 Years Logo FooterAsset 2

 

Louisville, KY

1831 Williamson Court

502.327.0333

 

Cincinnati, OH

9035 Meridian Way

513.563.6000

 

Subscribe to Notifications

Subscribe