Researchers Disclose Intel AMT Flaw Research

[RV_]

Intel business chipsets and systems are at risk from a credential bypass that eve non techies could do. Fortunately Intel has put out a new detection tool that is free, fast, and a small download. Download it and save it, then double click on the .exe. Allow it to expand all the files and then run the .exe and it will seem nothing is happening. In a short time a screen will appear telling you if your system is vulnerable. MIne wasn't.

If you run a refurbished business class computer or one with Windows Pro you should check. Mine are clear.

Excerpt:

"On Friday, just as Intel released additional information regarding a critical flaw found earlier this week in a subset of its business-class PCs, the researchers behind the initial vulnerability discovery, Embedi, also published their research on the flaw.

Intel warned Monday of a firmware vulnerability in certain systems that utilize its Active Management Technology (AMT) that could allow an adversary to elevate privileges on a vulnerable system. The flaw (CVE-2017-5689) could allow an attacker to remotely gain access to business PCs or devices and gain full control over systems.

In its documentation of the flaw released Friday, Embedi said the vulnerability was likely a programmer’s mistake. It dubbed the vulnerability “Silent Bob” because the impacted AMT sub-systems don’t require a password under certain access conditions. “Keep silence when challenged and you’re in,” wrote Embedi researchers.

Embedi said adversaries who can gain access to PCs with open ports 16992/16993 can easily bypass authentication. “In other words, an attacker may not have credentials and still be able to use the Intel AMT functionality. Access to ports 16992/16993 are the only requirement to perform a successful attack,” wrote Embedi researchers.

Researchers at Tenable said the attack doesn’t require much technical expertise. Using web application security tools such as Burp Suite, Tenable researchers were able confirm the vulnerability by intercepting and manipulating HTTP packets sent between a them and the AMT web server running locally on vulnerable systems.

Using specially crafted requests, Tenable was able to access to the AMT interface and gain full control over targeted PCs.

“AMT provides the ability to remotely control the computer system even if it’s powered off, but connected to the electricity and network,” Embedi wrote.

“The good news is most PCs with AMT running don’t typically expose ports 16992 and 16993 to the internet,” said Anthony Bettini, senior director of software engineering at Tenable.

According to Embedi, the date range of Intel systems affected by this vulnerability (version 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6) go from 2010 to 2011.

“We really hope by bringing this to light, it will raise awareness about security issues in firmware and avoid possible issues in the future,” warned Embedi.

For its part, Intel said it expected computer-makers to make updates available beginning the week of May 8. Computer maker HP Inc., Lenovo and Fujitsu have each announced timelines for fixing for the vulnerability. Intel has also released a downloadable discovery tool that will analyze systems for the flaw."                                                                                               Click this link for the tool ⬆⬆⬆⬆⬆⬆⬆⬆

The entire article with all links and explanations is here: https://threatpost.com/researchers-disclose-intel-amt-flaw-research/125503/