  1. #1
     HTM~Batman (Rocket Man; joined Jan 2015; St. Ann, Missouri; 180 posts)

    Vulnerability hits Intel enterprise PCs going back 10 years

    May. 5th, 2017, 10:32

    On Monday, Intel reported a newly discovered firmware vulnerability that affects Intel enterprise PCs going back a decade. Intel said that an unprivileged attacker may use this vulnerability to attack computers through remote management. The vulnerability affects the firmware designed for enterprise IT management. Intel recommends that enterprises using Intel® Active Management Technology, Intel® Small Business Technology, or Intel® Standard Manageability on their systems apply the patch as soon as possible.

    It is reported that every generation of Intel Core processor since 2008 is likely to have this problem. The vulnerability has been observed in Intel manageability firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6. Intel said the vulnerability does not exist on Intel-based consumer PCs. Data center servers running Intel Server Platform Services are also not affected.

    Intel did not provide technical details of the vulnerability, but said hackers may use it to take over remote management. An Intel security researcher found the vulnerability in March, but so far there has been no report of it being exploited in attacks.

    Intel has already prepared a patch and is now working with OEMs to push it to users as soon as possible. Before that, you can take the following steps to determine if you are affected:

    Step 1: Determine if you have an Intel® AMT, Intel® SBA, or Intel® ISM capable system: https://communities.intel.com/docs/DOC-5693. If you determine that you do not have an Intel® AMT, Intel® SBA, or Intel® ISM capable system then no further action is required.

    Step 2: Utilize the Detection Guide to assess if your system has the impacted firmware: https://downloadcenter.intel.com/download/26755. If you do have a version in the “Resolved Firmware” column no further action is required to secure your system from this vulnerability.

    Step 3: Intel highly recommends checking with your system OEM for updated firmware. Firmware versions that resolve the issue have a four digit build number that starts with a “3” (X.X.XX.3XXX) Ex: 8.1.71.3608.

    Step 4: If a firmware update is not available from your manufacturer, mitigations are provided in this document: https://downloadcenter.intel.com/download/26754

    If the system manufacturer does not provide a firmware update, Intel will also provide handling tips to customers. Intel said that disabling or removing the Windows service named "Local Manageability Service" can mitigate the impact of the vulnerability.

    For more info, please check the Intel Security Center.
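The four steps above, written out as a small triage routine. This is an added example, not part of the post and not Intel's own tooling: it only encodes the rules the post states (branches 6.x to 10.x, 11.0, 11.5 and 11.6 carry the vulnerable firmware; a fixed build has a four-digit build number beginning with 3, X.X.XX.3XXX). Reading the firmware version off a machine still requires the detection guide the post links to; the host names and version strings below are constructed for illustration, not real readings.

```python
"""Triage helper for the four steps in the post above.

Added example, not Intel's tooling or code from the thread.  It encodes the
post's rules: branches 6.x-10.x, 11.0, 11.5 and 11.6 carry the vulnerable
firmware, and a fixed build has a four-digit build number beginning with 3
(X.X.XX.3XXX).  Host names and version strings are constructed.
"""
import re
from typing import Iterable, NamedTuple

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

AFFECTED_MAJORS_ANY_MINOR = {6, 7, 8, 9, 10}   # 6.x .. 10.x
AFFECTED_11_MINORS = {0, 5, 6}                 # 11.0, 11.5, 11.6


class Verdict(NamedTuple):
    status: str   # "resolved" | "vulnerable" | "not_listed" | "invalid"
    reason: str


def classify_amt_version(version: str) -> Verdict:
    """Apply the post's version rules to one firmware version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return Verdict("invalid", f"{version!r} is not of the form X.X.XX.XXXX")
    major, minor = int(m.group(1)), int(m.group(2))
    build = m.group(4)

    affected_branch = (major in AFFECTED_MAJORS_ANY_MINOR
                       or (major == 11 and minor in AFFECTED_11_MINORS))
    if not affected_branch:
        return Verdict("not_listed",
                       f"{major}.{minor} is not among the branches the advisory lists")
    # Step 3: resolved firmware has a four digit build number that starts with "3".
    if len(build) == 4 and build[0] == "3":
        return Verdict("resolved", f"build {build} is a fixed 3XXX build")
    return Verdict("vulnerable",
                   f"build {build} predates the 3XXX fix; get OEM firmware or apply mitigations")


def triage(inventory: Iterable[tuple]) -> dict:
    """inventory rows: (host, manageability_capable, firmware_version_or_None).

    Step 1: hosts without AMT/SBA/ISM need nothing.  Step 2: capable hosts
    with no known version still need the detection tool run.  Steps 3/4:
    the rest are classified by version.
    """
    actions = {}
    for host, capable, version in inventory:
        if not capable:
            actions[host] = "none: no AMT/SBA/ISM capability"
        elif version is None:
            actions[host] = "run the Intel detection guide to read the firmware version"
        else:
            v = classify_amt_version(version)
            actions[host] = f"{v.status}: {v.reason}"
    return actions


# Constructed inventory: not real hosts, not real firmware readings.
SAMPLE_INVENTORY = [
    ("laptop-01", False, None),
    ("desk-22", True, None),
    ("desk-23", True, "8.1.71.3608"),
    ("desk-24", True, "8.1.71.2345"),
    ("desk-25", True, "11.6.10.3100"),
    ("desk-26", True, "11.7.0.1000"),
    ("desk-27", True, "garbage"),
]

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {action}")
```

A "not_listed" verdict only means the branch is not in the post's affected list; it is not a statement that the host is safe, and hosts with no readable version still need the detection tool run before anyone signs them off.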

  2. #2
    Love this. I said years ago that forcing updates was a potential mass infection waiting to happen. Wonder what the litigation team at MS is taking to calm their nerves, knowing what shit storm will follow a mass PC wipe.

  3. #3
    HTM~Batman
    It's firmware, not drivers, causing the issue. So the question is, what is Intel going to take to calm their nerves? I think a lot of the security problems here are more hypothetical in the sense that they could have happened on a large scale, but haven't. Seeing, however, the large number of security breaches with banks and other industries, it makes you wonder how many that couldn't be explained are due to the firmware being compromised. After all, the drivers only do what the firmware tells them, unless a bug is found that the drivers and software can block from the firmware.

    Think of all those who DON'T update their drivers or even check firmware versions at all. When I worked for Northern Trust Bank (most people have never heard of them, as they're a trust firm for the wealthy) we had to do security audits monthly, and that included firmware on everything save for video. It's a pretty standard practice in banking, but how many industries are comfortable ignoring it? Many take it as "if it works, we're fine" when it comes to firmware.

  4. #4
    Banks may be checking their firmware, but they aren't so up to date on their software. Last year I heard that over 75% of the ATMs worldwide were still using Windows XP and its different (embedded) versions, and the banks were spending millions to keep them cobbled together. I don't think that situation has improved much since last year.
    There are two rules in life:

    1.) Never give out all the information.

  5. #5
    Had to do a lot of firmware updates for Y2K; this is not that different. Check for the issue, then apply any required fix. The main trend that this really shows is the lack of comprehension in the I.T. world that just because you can do something (remote firmware-based management), it does not mean that you should, or that it's even a good idea. Or at least, if you do, be 100% sure it can be fully disabled, and is disabled by default.

    Sadly we now have a lot of lower competency people in I.T., and they all think that they can "make stuff secure". There's a quote that applies...

    Merlin (from "Excalibur"): "Remember, there's always something cleverer than yourself." A lot of I.T. people need to get that concept, and stop creating vulnerabilities through poor conceptual ideas.

    I've done security audits, and generally find vulnerabilities within a few minutes. When I discuss it with the I.T. people involved, I get a lot of "deer in the headlights" looks as their boss just watched me access secured areas of their network / website without even any special tools...

  6. #6
    HTM~Batman
    Fortunately for me, I would find the vulnerability and fix it. I was IT (well, me and a few others) for the bank.

    As far as the ATMs and cobbled XP and XP Embedded, most of that is via whomever they have manage their ATM machines. Most banks do not manage or even own their ATMs. It removes the bank's liabilities if a breach should occur. And the ATMs had their own group of firewalls and routers, so an ATM breach would not spread to other banking systems. Additionally, ATMs, as cobbled as they may be, will power off or go completely offline if the tampering is significant enough, like, say, emptying its money into the street.


    We had all remote firmware capabilities turned off specifically for security reasons. All it takes is someone with hacked firmware and access to remote servers with the capability to update the firmware, and you're screwed. It's not uncommon to add garbage to ensure a CRC match, or MD5 in some cases.

    The only remote we had was to remote in to reboot a non-responding server. It was a box all the servers' VGA cables and power cables plugged into. You remote in and can only interrupt the power or turn the power on for any server. Since it wasn't communicating with the servers themselves, it was low risk. If someone got in, yeah, they can sit there and keep clicking the reboot button and performing dirty reboots. If that got bad enough to where the server wouldn't boot, the failover drive array would take over, boot the server, and rebuild the other array.
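The "add garbage to ensure a CRC match" remark in the post above is worth seeing in code, because it is the reason a CRC on a firmware image is a transport check and not an integrity check. The following is an added example, not the poster's code and not anything from the Intel advisory: CRC-32 is linear, so for any payload there are exactly four bytes which, appended, force the checksum to any chosen value. The "firmware image", its header and the HMAC key are constructed for the demo, and the MD5 case the post also mentions is not shown (that needs a collision search, not a fix-up). The HMAC-SHA256 variant at the end is there to show what the same tamper-and-pad attempt looks like against a keyed tag.

```python
"""Why a CRC match proves nothing about firmware integrity.

Added example, not code from the thread.  CRC-32 is linear, so for any
payload there are four bytes which, appended, force the checksum to any
chosen value.  The 'firmware image' and the HMAC key are constructed.
"""
import hashlib
import hmac
import zlib

POLY = 0xEDB88320  # reflected CRC-32 polynomial, the one zlib.crc32 uses


def _crc_table():
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ POLY if c & 1 else c >> 1
        table.append(c)
    return table


TABLE = _crc_table()
# The 256 entries have 256 distinct top bytes; that is what lets one
# byte-update step be run backwards.
BY_TOP_BYTE = {entry >> 24: idx for idx, entry in enumerate(TABLE)}
assert len(BY_TOP_BYTE) == 256


def forge_crc32(data: bytes, target: int) -> bytes:
    """Return four bytes p such that zlib.crc32(data + p) == target."""
    # zlib: reg = 0xFFFFFFFF; per byte reg = TABLE[(reg ^ b) & 0xFF] ^ (reg >> 8);
    # crc = reg ^ 0xFFFFFFFF.  Recover the register after `data`:
    reg = zlib.crc32(data) ^ 0xFFFFFFFF
    want = target ^ 0xFFFFFFFF
    # Four update steps through table indices i0..i3 leave the register at
    #   TABLE[i3] ^ TABLE[i2] >> 8 ^ TABLE[i1] >> 16 ^ TABLE[i0] >> 24
    # regardless of its previous value, so peel the indices off `want`
    # one top byte at a time.
    idx = [0] * 4
    acc = want
    for k, shift in ((3, 0), (2, 8), (1, 16), (0, 24)):
        idx[k] = BY_TOP_BYTE[(acc >> (24 - shift)) & 0xFF]
        acc ^= TABLE[idx[k]] >> shift
    # Then pick the bytes that drive the real register through those indices.
    patch = bytearray()
    for k in range(4):
        patch.append((reg ^ idx[k]) & 0xFF)
        reg = TABLE[idx[k]] ^ (reg >> 8)
    return bytes(patch)


def check_forgery(data: bytes, target: int) -> bool:
    return zlib.crc32(data + forge_crc32(data, target)) == target


# Toy image format A: body || 4-byte little-endian CRC-32.
def pack_crc(body: bytes) -> bytes:
    return body + zlib.crc32(body).to_bytes(4, "little")


def verify_crc(blob: bytes) -> bool:
    return zlib.crc32(blob[:-4]) == int.from_bytes(blob[-4:], "little")


def tamper_keep_crc(blob: bytes, offset: int, new_byte: int) -> bytes:
    """Change one body byte, append 4 forged bytes, keep the stored CRC valid."""
    body, stored = bytearray(blob[:-4]), int.from_bytes(blob[-4:], "little")
    body[offset] = new_byte
    body += forge_crc32(bytes(body), stored)
    return bytes(body) + blob[-4:]


# Toy image format B: body || HMAC-SHA256 tag.
def pack_hmac(key: bytes, body: bytes) -> bytes:
    return body + hmac.new(key, body, hashlib.sha256).digest()


def verify_hmac(key: bytes, blob: bytes) -> bool:
    expected = hmac.new(key, blob[:-32], hashlib.sha256).digest()
    return hmac.compare_digest(expected, blob[-32:])


def tamper_hmac(blob: bytes, offset: int, new_byte: int) -> bytes:
    """Same edit plus four junk bytes; without the key there is nothing to fix up."""
    body = bytearray(blob[:-32])
    body[offset] = new_byte
    return bytes(body) + b"\0\0\0\0" + blob[-32:]


FIRMWARE = b"FWIMG\x01" + bytes(range(64))  # constructed image, not a real one
KEY = b"constructed-demo-key"                 # constructed key

if __name__ == "__main__":
    good = pack_crc(FIRMWARE)
    evil = tamper_keep_crc(good, 6, 0xEE)
    print("CRC accepts original:        ", verify_crc(good))
    print("CRC accepts tampered+padded: ", verify_crc(evil))
    hgood = pack_hmac(KEY, FIRMWARE)
    print("HMAC accepts tampered+padded:", verify_hmac(KEY, tamper_hmac(hgood, 6, 0xEE)))
```

The forged trailer works because the CRC register after any four bytes depends only on which four table entries those bytes select, not on what the register held before; an attacker who can change the body can always pick those four entries. A keyed MAC or a signature over the image has no such structure, which is why firmware update paths should verify one of those and treat a CRC as nothing more than a corruption check.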
