1.    08 May 2017 #1
    Join Date : Oct 2014
    In a house with a crazy cat trying to kill me
    Posts : 16,939
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition

    Intel chip vulnerability lets hackers easily hijack fleets of PCs


    A vulnerability in Intel chips that went undiscovered for almost a decade allows hackers to remotely gain full control over affected Windows PCs without needing a password.

    The "critical"-rated bug, disclosed by Intel last week, lies in a feature of Intel's Active Management Technology (more commonly known as just AMT), which allows IT administrators to remotely carry out maintenance and other tasks on entire fleets of computers as if they were there in person, like software updates and wiping hard drives.
    Intel's advisory said that systems -- including desktops, laptops, and servers -- dating back as early as 2010 and 2011 and running firmware 6.0 and later are affected by the flaw.

    But Embedi warned that any affected internet-facing device with open ports 16992 and 16993 are at risk. "Access to ports 16992/16993 are the only requirement to perform a successful attack," said the Embedi researchers.

    Since the disclosure, monitors have seen a spike in probing activity on the two affected ports.
    The chipmaker has also published a discovery tool to determine if machines are affected.
    Intel chip vulnerability lets hackers easily hijack fleets of PCs | ZDNet
  2.    08 May 2017 #2
    Join Date : Dec 2014
    Posts : 433
    Windows 10 Pro x64

    Uh, their tool says based on the version of IME, my PC is not at risk. It also says the version of IME on my computer is "unknown". Apparently Intel says consumer PCs aren't vulnerable (ME vs. AMT I reckon).

    *** ME Information ***
    Version: Unknown
    SKU: Consumer
    State: None Detected
    Driver installed: False
    EHBCP Enabled: False
    LMS state: NotPresent
    MicroLMS state: NotPresent

    *** Risk Assessment ***
    Based on the version of the ME, the System is Not Vulnerable.
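Added example, not part of the thread and not Intel's code: a small parser for the discovery tool report format quoted in the post above, which flags a "Not Vulnerable" verdict as inconclusive when the tool reported no ME version or no driver. The function names and the inconclusive rule are assumptions made for illustration; the sample is the quoted report, abridged.

```python
import re

# Constructed input: the report text quoted in the post above, abridged.
SAMPLE_REPORT = """\
*** ME Information ***
Version: Unknown
SKU: Consumer
State: None Detected
Driver installed: False
LMS state: NotPresent

*** Risk Assessment ***
Based on the version of the ME, the System is Not Vulnerable.
"""
SECTION = re.compile(r"^\*{3}\s*(.+?)\s*\*{3}$")

def parse_report(text):
    """Return ({section: {field: value}}, verdict line or None)."""
    sections, current, verdict = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION.match(line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
        elif "vulnerable" in line.lower():
            verdict = line
    return sections, verdict

def triage(text):
    """Classify a report as 'vulnerable', 'not-vulnerable' or 'inconclusive'.

    Assumption (not Intel's logic): a 'Not Vulnerable' verdict is downgraded to
    'inconclusive' when the tool read no ME version or found no driver, since
    the verdict line says it is based on that version.
    """
    sections, verdict = parse_report(text)
    me = sections.get("ME Information", {})
    if verdict is None:
        return "inconclusive"
    if "not vulnerable" not in verdict.lower():
        return "vulnerable"
    blind = (me.get("Version", "Unknown") == "Unknown"
             or me.get("Driver installed", "False") == "False")
    return "inconclusive" if blind else "not-vulnerable"

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

Run over reports collected from many machines, this separates hosts where the tool actually read the firmware version from hosts where the clean verdict rests on missing data.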
  3.    08 May 2017 #3
    Join Date : Apr 2016
    Posts : 46
    Windows 10 pro 64bit

    Originally posted by Geneo:
    Uh, their tool says based on the version of IME, my PC is not at risk. It also says the version of IME on my computer is "unknown". Apparently Intel says consumer PCs aren't vulnerable (ME vs. AMT I reckon).
    Yes, most consumer PCs should not be vulnerable. Only desktop boards with a Q chipset (for example: Q77, Q87, Q170 etc.) paired with certain i5 or i7 CPUs that support vPro, and some business-grade laptops like ThinkPads etc. (usually have a vPro sticker) are vulnerable.
    I have a business-grade ThinkPad that supports Intel AMT and is vulnerable, and also a desktop with Q87; for now I have disabled AMT while waiting for patches.

    Lenovo released a statement with an update schedule:
    Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Remote Privilege Escalation

    For my Q87 board no news from Asus.
  4.    08 May 2017 #4
    Join Date : Sep 2015
    Colorado
    Posts : 163
    Windows 10 pro 64 bit/vs.1709/16299.19

    Nope
  5.    09 May 2017 #5
    Join Date : May 2017
    Posts : 1
    windows 10

    It absolutely affects end users. The scope is unknown.

    Unfortunately, Intel's statement that 'Our Consumer Products Are Not Affected' has given a lot of people false confidence.

    My system (b85 4790k) returns 'vulnerable'.

    I know of at least two H87 owners getting the same results. H170 seems to have the same features.

    Hilariously, there isn't a BIOS setting to disable it on my system. No update/patch from Gigabyte either.

    What's worse, many people with problems around the launch of AU were told to install the Intel suite.

    Shutting the port should be enough. Should be. But the story has already grown in disastrousness a couple of times! I worry that we'll see trojans emerge that open the port as a possible attack vector.

    If you return positive, and are paranoid, the best technical advice I have heard is to not use the onboard LAN. The ME interface uses a layer 1-2 protocol to 'listen in' to traffic. It follows that it cannot listen in to another device (with a different MAC).
  6.    09 May 2017 #6
    Join Date : Apr 2016
    Posts : 46
    Windows 10 pro 64bit

    Originally posted by qizz:
    It absolutely affects end users. The scope is unknown.

    Unfortunately, Intel's statement that 'Our Consumer Products Are Not Affected' has given a lot of people false confidence.

    My system (b85 4790k) returns 'vulnerable'.

    I know of at least two H87 owners getting the same results. H170 seems to have the same features.

    Hilariously, there isn't a BIOS setting to disable it on my system. No update/patch from Gigabyte either.

    What's worse, many people with problems around the launch of AU were told to install the Intel suite.

    Shutting the port should be enough. Should be. But the story has already grown in disastrousness a couple of times! I worry that we'll see trojans emerge that open the port as a possible attack vector.

    If you return positive, and are paranoid, the best technical advice I have heard is to not use the onboard LAN. The ME interface uses a layer 1-2 protocol to 'listen in' to traffic. It follows that it cannot listen in to another device (with a different MAC).
    There must be something wrong with that tool, because neither B85 nor H170 or H87 supports iAMT (also, even with a supported chipset, for example Q87, that particular CPU, the 4790K, will not work: no support for vPro). They just don't have network KVM or other services (can you open a webpage with PC stats when you type that PC's IP from the network?). Maybe there is some local exploit for some Intel ME functionality, but I don't think there are any remote/network exploits.
    Last edited by VBJP; 09 May 2017 at 03:59.
  7.    09 May 2017 #7
    Join Date : Sep 2014
    Nashville, TN
    Posts : 3,143
    Windows 10 Pro

    It should be noted that if you are using any kind of physical firewall (Wireless router, cable modem with firewall, etc.) you won't be vulnerable. The machine has to be directly connected to the internet without a physical firewall (Software firewall probably won't work because the hardware itself is exposing the ports, before the OS is even running).
  8.    09 May 2017 #8
    Join Date : Apr 2016
    Posts : 46
    Windows 10 pro 64bit

    Originally posted by Mystere:
    It should be noted that if you are using any kind of physical firewall (Wireless router, cable modem with firewall, etc.) you won't be vulnerable. The machine has to be directly connected to the internet without a physical firewall (Software firewall probably won't work because the hardware itself is exposing the ports, before the OS is even running).
    Most consumer routers, even cheap ISP-provided routers, usually have some sort of firewall. That's why this vulnerability isn't that scary for most consumers. Except if someone gains access to the local network or even that PC, then it may do some damage. But some business/pro users that use Intel AMT for controlling a remote server/PC/etc. via the internet (if you have a remote server or PC to administer and need low-level remote access, because RDP will not work for accessing the BIOS or if Windows crashed) may have opened that network interface to the internet; then it's bad.
  9.    10 May 2017 #9
    Join Date : Jul 2015
    Posts : 866
    Windows 10 Home x64

    I ran the tool on my Haswell-E PC and it said I wasn't affected.

 

