14 DAY TRIAL // Intel has issued a security advisory regarding a critical flaw that has been affecting its processors for almost a decade.
The vulnerability resides in the Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability. This is a feature that's mostly used for computers running vPro processors bought by business customers and is used to administer large fleets of computers.
Regular users shouldn't be too concerned because the bug doesn't affect chips running on consumer PCs. The situation, however, is critical and has been marked as such.
"There is an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products. This vulnerability does not exist on Intel-based consumer PCs," reads the advisory.
According to the company, the vulnerability may be exploited in two ways. The first is through an unprivileged network attacker who could gain system privileges to provisioned Intel manageability SKUs, namely the three aforementioned tools.
The second is through an unprivileged local attacker that could provision manageability features gaining unprivileged network or local system privileges on the three affected tools.
Nasty situation, but not that dire
Ever since the advisory was made public, security experts have been trying to figure out what impact this vulnerability has in the real world. One researcher, for instance, claims that every Intel platform had a remotely exploitable security hole that had gone unfixed for years and that it could likely be exploited over the Internet only when the AMT service was enabled and provisioned inside a network.
Others are equally relaxed about the situation. While the vulnerability is problematic, for an attacker to succeed, the Windows software called Local Manageability Service would have to be running too. In short, only servers running that service with the port reachable are exposed to remote code execution.
Using the Shodan computer search engine, just over 6,200 servers had ports 16992 or 16993 open, which is required for a remote attack.
Update: You can also download the patch straight from Softpedia.