frogboy

Level 75
Verified
Trusted
Intel's security team released a series of patches yesterday that fix a remote code execution (RCE) bug found in the Intel Management Engine (ME).

The RCE bug affects Intel ME technologies such as Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).

All of these are technologies that allow a systems administrator to manage workstations remotely over a network, via ports 16992 or 16993. These features are not found in consumer-grade CPUs, but only in enterprise solutions, and mostly in server chipsets.

Intel server chipsets released in the last nine years are affected
The issue, tracked as CVE-2017-5689, was discovered by security researcher Maksim Malyutin of Embedi in March, and affects Intel manageability firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6. Versions before 6 or after 11.6 are not impacted.

Yesterday, Intel released a security advisory regarding the issue, new firmware versions, instructions to detect if any workstations run AMT / ISM / SBT technology, and a detection guide to assess if systems are running vulnerable versions.

The last part shouldn't be that hard, since the flaw appears to impact all server CPU versions released in the past nine years, since 2008.
Intel Fixes 9-Year-Old CPU Flaw That Allows Remote Code Execution
Read More.