Intel Patches Remote Execution Hole That's Been Hidden In Its Chips Since 2008

Chris Williams reports via The Register: Intel processor chipsets have, for roughly the past nine years, harbored a security flaw that can be exploited to remotely control and infect vulnerable systems with virtually undetectable spyware and other malicious code. Specifically, the bug is in Intel's Active Management Technology (AMT), Standard Manageability (ISM) and Small Business Technology (SBT) firmware versions 6 to 11.6. According to Chipzilla, the security hole allows "an unprivileged attacker to gain control of the manageability features provided by these products." That means hackers exploiting the flaw can silently snoop on a vulnerable machine's users, make changes to files and read them, install rootkits and other malware, and so on. This is possible across the network, or with local access. These management features have been available in various Intel chipsets for years, starting with the Nehalem Core i7 in 2008, all the way up to Kaby Lake Core parts in 2017. According to Intel today, this critical security vulnerability, labeled CVE-2017-5689, was found and reported in March by Maksim Malyutin at Embedi. To get the patch to close the hole, you'll have to pester your machine's manufacturer for a firmware update, or try the mitigations here. These updates are hoped to arrive within the next few weeks.

More information please!

* Does this affect every PC, or just people who bought special "business class" computers?

* If it affects all PCs, does "pester your machine's manufacturer for a firmware update" mean the same thing as "check your motherboard manufacturer's website for a patch," or does it imply that you're SOL if you built your own PC from parts?

* Intel's patch is Windows only. Does it affect Linux, or is Intel just being lazy?

* Should I tell my family to buy new PCs if their old PCs are out of warranty?

Re:Not surprised

Why do you idiots always assume that the US would be the only country interested in spying? You think Intel is a US company? Think again.

Default password = admin

[eric31415927]

The CTRL-p menu (after much of the booting had taken place) brought me to a AMT/ME screen where I could turn AMT off after entering a password.
The default password is "admin" which worked with my refurbished HP Xeon box. I have since changed the password.

Re:Just because you're paranoid

[BlueStrat]

You'd have to turn on AMT to begin with in order for this to work.

Are you absolutely positive AMT cannot be remotely activated? Given the circumstances and who might be involved in this exploit existing and/or remaining unpatched for such a long time, I wouldn't trust that clicking to un-check that AMT box disables all of it, especially if the vulnerability was deliberate.

This makes me wonder what vulnerability nastiness has remained undiscovered/unreported (intentionally baked-in?) about AMD CPUs and chipsets. You know the TLAs wouldn't ignore AMD.

Strat

Do you think this was accidental?

It's funny how many critical security flaws are so devious that they allow state-actors to just walk right in, and when they're found they stick out like sore thumbs. This here is exactly why you shouldn't buy CPUs from NSA-CIA-Intel.

Re:Explain to me

[butzwonker]

Wait a minute. This (partly intentional) flaw affects practically every Intel-based PC since 2008 and some platforms since 2006. It's true that if you have remote management disabled it appears to lead to local exploits only at first sight, but there are many reasons to believe that even with the option disabled remote exploits may become possible. ME allows the running of signed Java programs on a completely separate core, which are sent via ethernet and have full access to memory and i/o controllers, it can be used to side-channel attack disk encryption and the probability that there is a serious bug that allows for remote exploits in such a complex infrastructure is also fairly high.