A critical vulnerability was discovered in three key Intel technologies that would allow an attacker to gain control of manageability features through a privilege-escalation exploit.
While this flaw does not impact consumer PCs with Intel technology, many small business computers are affected.
Specifically, the vulnerability impacts Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6, according to Intel's security advisory.
"This is a vendor's worst nightmare and a vulnerability that cybercriminals are constantly trying to find; it is a serious risk for companies who do not take any action to remediate ASAP. This is a major surprise and a huge risk for those organizations who have AMT systems and are using it to remotely manage their systems and applications," says Joseph Carson, Chief Security Scientist at Thycotic.
Intel recommends first determining whether you have an Intel AMT, SBA, or ISM capable system. If not, you're off the hook. However, this step will be harder for companies that do not keep a proper inventory of their hardware.
Next, discover which firmware version your hardware is running, and patch if necessary. Versions before 6 or after 11.6 are not affected by this vulnerability.
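The discover-and-patch sequence above, written out as an inventory triage in Python. This is an added example, not Intel's detection tool or anything from the article; it assumes an inventory with two fields per host (the manageability technology present and the firmware version string the host reports) and encodes only the affected ranges the article states. Any version the article does not list (for instance 11.x branches other than 11.0, 11.5 and 11.6, or an unparseable string) is sent to manual verification against the vendor advisory rather than silently marked safe.

```python
"""Triage a hardware inventory against the Intel manageability firmware advisory.

Added example (not Intel's tool). Affected ranges are taken from the article:
6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, 11.6 affected; below 6 or above 11.6 not.
"""
import re
from dataclasses import dataclass

AFFECTED_MAJORS = {6, 7, 8, 9, 10}
AFFECTED_11_MINORS = {0, 5, 6}

# Accepts "major.minor" with optional build fields, e.g. "11.6.27.3264".
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\.(\d+))?\s*$")


@dataclass
class Host:
    name: str
    manageability: str  # assumed inventory field: "AMT", "ISM", "SBT" or "none"
    firmware: str       # assumed inventory field: firmware version as reported by the host


def parse_version(text):
    """Return a tuple of ints (major, minor, ...) or None if the string is not a version."""
    match = VERSION_RE.match(text)
    if not match:
        return None
    return tuple(int(part) for part in match.groups() if part is not None)


def classify(host):
    """Return 'not_capable', 'affected', 'not_affected' or 'verify' for one host."""
    if host.manageability.lower() == "none":
        return "not_capable"  # no AMT/ISM/SBT: nothing to patch
    version = parse_version(host.firmware)
    if version is None:
        return "verify"  # unknown firmware string: check the host by hand
    major, minor = version[0], version[1]
    if major < 6 or major > 11:
        return "not_affected"
    if major in AFFECTED_MAJORS:
        return "affected"
    # major == 11: only the branches the advisory lists are known to be affected
    if minor in AFFECTED_11_MINORS:
        return "affected"
    if minor > 6:
        return "not_affected"
    return "verify"  # 11.1 to 11.4 are not listed in the article; confirm with the vendor


def triage(inventory):
    """Group host names by classification so the patch list can be produced directly."""
    groups = {"not_capable": [], "affected": [], "not_affected": [], "verify": []}
    for host in inventory:
        groups[classify(host)].append(host.name)
    return groups


# Constructed sample inventory; version strings are illustrative, not real hosts.
INVENTORY = [
    Host("ws-01", "AMT", "9.1.41.3024"),
    Host("ws-02", "none", ""),
    Host("ws-03", "ISM", "11.6.27.3264"),
    Host("ws-04", "AMT", "11.8.50.1234"),
    Host("ws-05", "SBT", "5.2.10.1009"),
    Host("ws-06", "AMT", "11.3.0.1000"),
    Host("ws-07", "AMT", "unknown"),
]


if __name__ == "__main__":
    for status, names in triage(INVENTORY).items():
        print(f"{status:13s} {', '.join(names) or '-'}")
```

The `verify` bucket is the important one operationally: a triage that treats every unlisted version as safe turns an inventory gap into a missed patch, so hosts land there until someone checks the vendor's own table.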
Once an attacker has gained privileged access to the firmware, this exploit could be used to run any kind of software or code. For such a critical flaw, additional steps may be necessary.
Jason Kent, CTO at AsTech, advises users to "quarantine a machine from the populace and run a comparison to your 'golden image' to ensure there aren't any additional services or applications running. Users should watch for attempted logins from normal user accounts onto the Intel platform. Ensure your user account hygiene has been good here. Deactivate or delete old user accounts, perform a forced password reset on all accounts, enable logging and set up triggers for attempted privilege escalations."
He adds, "Finally, if a technology solution is needed, monitoring the activity from each endpoint will give the greatest coverage for monitoring anomalous traffic, and simply fencing off any machine that might misbehave is a great strategy."