Intel Identifies Critical Firmware Bug That's Lurked Nearly 10 Years
By Shirley Siluk / Enterprise Security Today
Published: May 2, 2017

A researcher with an Internet of Things security startup recently identified a critical vulnerability in Intel firmware that could allow an attacker to access enterprise systems using Intel's Active Management Technology, Small Business Technology or Standard Manageability.

Intel published details about the vulnerability on its Security Center yesterday. The company is warning users to check with their equipment manufacturers for updated firmware or, if that's unavailable, to take steps to secure their systems.

Identified by Maksim Malyutin, a researcher with the Berkeley-based startup Embedi, the vulnerability has existed in systems released by Intel since 2010-2011. Intel noted in its security advisory that the bug does not affect any of its consumer PCs.

Firmware Patching Poses Challenges

The escalation-of-privilege vulnerability, CVE-2017-5689, could allow a hacker to remotely access machines running Intel's Active Management Technology (AMT) or Intel Standard Manageability (ISM). It could also enable an unauthorized user to change management features on systems running AMT, ISM or Intel's Small Business Technology.

"The vulnerability is a serious threat and the prevention measures from exploitation is a timely process for users -- timely, but necessary," Embedi said in a blog post today. "It is also important to note the difficulties with firmware patching, which is needed to mitigate this vulnerability. Firmware patching takes an extremely long time to test before it is deployed to all of their users."

While initial reports suggested the vulnerability has existed since 2008, Embedi said the bug affects only Intel firmware that's come out since 2010 at the earliest.

In a tweet today, Embedi CTO Dmitriy Evdokimov posted a graph from the IoT device search engine Shodan showing that top organizations potentially affected by the AMT vulnerability include several universities, as well as telcos such as Verizon Wireless and Deutsche Telekom.

Working To Update 'ASAP'

Intel's Security Center advisory provides links to both a PDF guide to detect which systems might have the vulnerability, and a downloadable mitigation guide. According to the mitigation guide, "Intel highly recommends that the first step in all mitigation paths is to unprovision the Intel manageability SKU to address the network privilege escalation vulnerability."

Intel spokesperson William Moss told Kaspersky Labs' Threatpost, "We have implemented and validated a firmware update to address the problem, and we are cooperating with equipment manufacturers to make it available to end-users as soon as possible."

In his personal blog yesterday, Matthew Garrett, a security developer at Google, noted the vulnerability doesn't affect all Intel systems that have come out over the past few years. "Most Intel systems don't ship with AMT," Garrett said. "Most Intel systems with AMT don't have it turned on." However, users with systems that have turned on AMT should be aware of the vulnerability and take action to address it, he added.

"If a vendor is no longer providing updates then it should at least be possible for a sufficiently desperate user to pay someone else to do a firmware build with the appropriate fixes," Garrett said. "Leaving firmware updates at the whims of hardware manufacturers who will only support systems for a fraction of their useful lifespan is inevitably going to end badly."

Image credit: Intel.
