Intel Identifies Critical Firmware Bug That’s Lurked Nearly 10 Years

A researcher with an Internet of Things security startup recently identified a critical vulnerability in Intel firmware that could allow an attacker to access enterprise systems using Intel's Active Management Technology, Small Business Technology or Standard Manageability.

Intel published details about the vulnerability on its Security Center yesterday. The company is warning users to check with their equipment manufacturers for updated firmware or, if that's unavailable, to take steps to secure their systems.

Identified by Maksim Malyutin, a researcher with the Berkeley-based startup Embedi, the vulnerability has existed in systems released by Intel since 2010-2011. Intel noted in its security advisory that the bug does not affect any of its consumer PCs.

Firmware Patching Poses Challenges

The escalation of privilege vulnerability, CVE-2017-5689, could allow a hacker to remotely access machines running Intel's Active Management Technology (AMT) or Intel Standard Manageability (ISM). It could also enable an unauthorized user to change management features on systems running either AMT, ISM or Intel's Small Business Technology.

"The vulnerability is a serious threat and the prevention measures from exploitation is a timely process for users -- timely, but necessary," Embedi said in a blog post today. "It is also important to note the difficulties with firmware patching, which is needed to mitigate this vulnerability. Firmware patching takes an extremely long time to test before it is deployed to all of their users."

While initial reports suggested the vulnerability has existed since 2008, Embedi said the bug affects only Intel firmware that's come out since 2010 at the earliest.

In a tweet today, Embedi CTO Dmitriy Evdokimov posted a graph from the IoT device search engine Shodan showing that top organizations potentially affected by the AMT vulnerability include several universities, as well as telcos such as Verizon Wireless and Deutsche Telekom.

Working To Update 'ASAP'


Comments are closed.