Intel chip vulnerability lets hackers easily hijack fleets of PCs



    Posted: 08 May 2017

    A vulnerability in Intel chips that went undiscovered for almost a decade allows hackers to remotely gain full control over affected Windows PCs without needing a password.

    The "critical"-rated bug, disclosed by Intel last week, lies in a feature of Intel's Active Management Technology (more commonly known as just AMT), which allows IT administrators to remotely carry out maintenance and other tasks on entire fleets of computers as if they were there in person, like software updates and wiping hard drives.
    Intel's advisory said that systems -- including desktops, laptops, and servers -- dating back as early as 2010 and 2011 and running firmware 6.0 and later are affected by the flaw.

    But Embedi warned that any affected internet-facing device with open ports 16992 and 16993 is at risk. "Access to ports 16992/16993 are the only requirement to perform a successful attack," said the Embedi researchers.

    Since the disclosure, monitors have seen a spike in probing activity on the two affected ports.
    The chipmaker has also published a discovery tool to determine if machines are affected.
    Intel chip vulnerability lets hackers easily hijack fleets of PCs | ZDNet
    Posted By: Borg 386
    08 May 2017


  1. Posts : 1,191
    Windows 11 Pro x64
       #1

    Uh, their tool says based on the version of IME, my PC is not at risk. It also says the version of IME on my computer is "unknown". Apparently Intel says consumer PCs aren't vulnerable (ME vs. AMT I reckon).

    *** ME Information ***
    Version: Unknown
    SKU: Consumer
    State: None Detected
    Driver installed: False
    EHBCP Enabled: False
    LMS state: NotPresent
    MicroLMS state: NotPresent

    *** Risk Assessment ***
    Based on the version of the ME, the System is Not Vulnerable.
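One way to triage discovery-tool output like the paste in post #1 across several machines, added here as an example and not code from Intel or from any poster: it parses the report and treats a version-based "Not Vulnerable" verdict as inconclusive when the Version field reads Unknown. The report layout is taken from that paste; the second sample and the wording of a "Vulnerable" verdict are assumptions.

```python
import re

# Output exactly as pasted in post #1 on this page.
POST1 = """*** ME Information ***
Version: Unknown
SKU: Consumer
State: None Detected
Driver installed: False
EHBCP Enabled: False
LMS state: NotPresent
MicroLMS state: NotPresent

*** Risk Assessment ***
Based on the version of the ME, the System is Not Vulnerable.
"""
# Constructed report (not from the page); version and verdict wording are assumed.
CONSTRUCTED = """*** ME Information ***
Version: 0.0.0.0-constructed
SKU: Constructed

*** Risk Assessment ***
Based on the version of the ME, the System is Vulnerable.
"""
SECTION = re.compile(r"^\*{3}\s*(.+?)\s*\*{3}$")

def parse_report(text):
    """Return {section: {key: value}}; lines without 'key: value' go in '_text'."""
    report, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = SECTION.match(line)
        if header:
            current = report.setdefault(header.group(1), {"_text": []})
        elif line and current is not None:
            key, sep, value = line.partition(":")
            if sep and value.strip():
                current[key.strip()] = value.strip()
            else:
                current["_text"].append(line)
    return report

def triage(text):
    """Return 'vulnerable', 'not-vulnerable' or 'inconclusive' for one report."""
    report = parse_report(text)
    version = report.get("ME Information", {}).get("Version", "Unknown")
    verdict = " ".join(report.get("Risk Assessment", {}).get("_text", [])).lower()
    if "not vulnerable" in verdict:
        # A version-based "not vulnerable" means little if no version was read.
        return "inconclusive" if version.lower() == "unknown" else "not-vulnerable"
    return "vulnerable" if "vulnerable" in verdict else "inconclusive"
```

Machines that come back inconclusive are the ones to check by hand, for example by confirming the chipset and vPro support discussed in the replies below.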


  2. Posts : 82
    Windows 10 pro 64bit
       #2

    Geneo said:
    Uh, their tool says based on the version of IME, my PC is not at risk. It also says the version of IME on my computer is "unknown". Apparently Intel says consumer PCs aren't vulnerable (ME vs. AMT I reckon).
    Yes, most consumer PCs should not be vulnerable. Only desktop boards with a Q chipset (for example: Q77, Q87, Q170, etc.) paired with certain i5 or i7 CPUs that support vPro, and some business-grade laptops like ThinkPads, etc. (which usually have a vPro sticker), are vulnerable.
    I have a business-grade ThinkPad that supports Intel AMT and is vulnerable, and also a desktop with Q87; for now I have disabled AMT while waiting for patches.

    Lenovo released a statement with an update schedule:
    Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Remote Privilege Escalation

    For my Q87 board no news from Asus.


  3. Posts : 272
    Win 10 pro 64 bit Vs. 20H2 Build 19042.630
       #3

    Nope
    Attached Thumbnails: 5-8-17-intel-sa-00075-discoverytool-results.png, 5-8-17-true-stealth-port-scan.png


  4. Posts : 1
    windows 10
       #4

    It absolutely affects end users. The scope is unknown.

    Unfortunately, Intel's statement that 'Our Consumer Products Are Not Affected' has given a lot of people false confidence.

    My system (b85 4790k) returns 'vulnerable'.

    I know of at least two H87 owners getting the same results. H170 seems to have the same features.

    Hilariously, there isn't a BIOS setting to disable it on my system. No update/patch from Gigabyte either.

    What's worse, many people with problems around the launch of AU were told to install the Intel suite.

    Shutting the port should be enough. Should be. But the story has already grown in disastrousness a couple of times! I worry that we'll see trojans emerge that open the port as a possible attack vector.

    If you return positive, and are paranoid, the best technical advice I have heard is to not use the onboard LAN. The ME interface uses a layer 1-2 protocol to 'listen in' to traffic. It follows that it cannot listen in to another device (with a different MAC).


  5. Posts : 82
    Windows 10 pro 64bit
       #5

    qizz said:
    It absolutely affects end users. The scope is unknown.

    Unfortunately, Intel's statement that 'Our Consumer Products Are Not Affected' has given a lot of people false confidence.

    My system (b85 4790k) returns 'vulnerable'.

    I know of at least two H87 owners getting the same results. H170 seems to have the same features.

    Hilariously, there isn't a BIOS setting to disable it on my system. No update/patch from Gigabyte either.

    What's worse, many people with problems around the launch of AU were told to install the Intel suite.

    Shutting the port should be enough. Should be. But the story has already grown in disastrousness a couple of times! I worry that we'll see trojans emerge that open the port as a possible attack vector.

    If you return positive, and are paranoid, the best technical advice I have heard is to not use the onboard LAN. The ME interface uses a layer 1-2 protocol to 'listen in' to traffic. It follows that it cannot listen in to another device (with a different MAC).
    There must be something wrong with that tool, because neither B85 nor H170 nor H87 supports iAMT (also, even with a supported chipset, for example Q87, that particular CPU, the 4790K, will not work: no support for vPro). They just don't have network KVM or other services (can you open a web page with PC stats when you type that PC's IP from the network?). Maybe there is some local exploit for some Intel ME functionality, but I don't think there are any remote/network exploits.
    Last edited by VBJP; 09 May 2017 at 03:59.


  6. Posts : 3,257
    Windows 10 Pro
       #6

    It should be noted that if you are using any kind of physical firewall (wireless router, cable modem with firewall, etc.) you won't be vulnerable. The machine has to be directly connected to the internet without a physical firewall (a software firewall probably won't work because the hardware itself is exposing the ports, before the OS is even running).


  7. Posts : 82
    Windows 10 pro 64bit
       #7

    Mystere said:
    It should be noted that if you are using any kind of physical firewall (wireless router, cable modem with firewall, etc.) you won't be vulnerable. The machine has to be directly connected to the internet without a physical firewall (a software firewall probably won't work because the hardware itself is exposing the ports, before the OS is even running).
    Most consumer routers, even cheap ISP-provided routers, usually have some sort of firewall. That's why this vulnerability isn't that scary for most consumers. Except if someone gains access to the local network or even that PC, then it may do some damage. But some business/pro users that use Intel AMT for controlling a remote server/PC/etc. via the internet (if you have a remote server or PC to administer and need to have low-level remote access, because RDP will not work for accessing the BIOS or if Windows crashed) may have opened that network interface to the internet; then it's bad.


  8. Posts : 2,765
    Windows 10 Home x64
       #8

    I ran the tool on my Haswell-E PC and it said I wasn't affected.


 
