How to check for the Intel Active Management exploit that lets hackers take over your PC
By Gordon Mah Ung
EXECUTIVE EDITOR, PCWORLD | MAY 9, 2017 3:25 AM PT
http://www.techconnect.com/article/...loit-that-lets-hackers-take-over-your-pc.html
"How to find out whether your PC is safe
While the vast majority of consumer PCs probably don't have the exploit, it wouldn't hurt to take five minutes to check your system.
First, download Intel's tool to check for the vulnerability. You can also click this link to download it from Intel directly. It's listed as supporting Windows 10 and Windows 7, but we had no issues running it on Windows 8.1.
Once you've downloaded it, decompress the zip file to a folder. Open the folder, then open its Windows subfolder. Inside you'll find several files. Launch Intel-SA-00075-GUI.exe."
INTEL-SA-00075 Detection Guide
Version: 1.0 (Latest) Date: 5/3/2017
https://downloadcenter.intel.com/download/26755
https://downloadcenter.intel.com/downloads/eula/26755/INTEL-SA-00075-Detection-Guide?httpDown=https://downloadmirror.intel.com/26755/eng/Intel-SA-00075_1.0.1.6.zip
Remote access bug in Intel AMT worse than we thought, says researcher
A long-standing flaw in Intel's manageability firmware may date back 10 years and is trivial to exploit, so patch your devices now, says security researcher.
https://www.scmagazineuk.com/remote...an-we-thought-says-researcher/article/655543/
"Intel is warning users of its chips that an attacker could gain remote access to PCs or devices that have its manageability firmware.
Intel described it as a critical escalation of privilege vulnerability while other commentators said the simplicity and severity put it more in the category of a backdoor.
According to an Intel Vulnerability Tracking Page set up by SSH Communications Security, Intel has provided OEM partners with a fix, though none of the OEMs has yet released updated firmware.
Specifically, the flaw was found in Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology, firmware versions 6 through 11.6. Various reports state that the bug dates back to approximately 10 years ago.
According to Intel, there are two ways an attack can potentially access the vulnerability: "an unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs" or "an unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs." The first method does not apply to Intel Small Business Technology.
“It is stunning that a vulnerability this severe can exist in practically every Intel server. If, as some sources now say, Intel has known of this vulnerability for years, it can only be an intentional backdoor,” Tatu Ylonen, founder and SSH fellow, SSH Communications Security, said in comments sent to SC Media.
“It undermines the very fabric of information society. This vulnerability could cause many billions of dollars of damage to enterprises if weaponized against their servers and data. The impact can also be particularly long-term if their internal cybersecurity systems are compromised as a result of this vulnerability.”
Ylonen said the vulnerability could be exploited with just five lines of Python code in a one-line shell command.
In his blog, he wrote: “If your Active Directory server's AMT port can be accessed, this is like giving every internal user Domain Administrator rights to your domains.”"
Intel advises that affected customers check with their system OEM for updated firmware. For those who cannot yet update their firmware, the company has published a document that details steps for mitigation.
Ylonen's advice is to disable AMT immediately, beginning with the most critical servers in your organisation. He also advises data centres block ports 16992, 16993, 16994, 16995, 623 and 664 in internal firewalls now if they can.
Last edited: May 9, 2017
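One way to confirm that an internal Linux firewall really blocks the six ports listed above, as an added example that is not part of the original thread or the quoted articles: it parses `iptables-save` output and gives a first-match verdict per port. The sample ruleset, the `expand` and `audit` names, the FORWARD chain and the TCP-only check are assumptions of this example.

```python
import re

# Ports from the advice above. Checking TCP only is an assumption of this example.
AMT_PORTS = (16992, 16993, 16994, 16995, 623, 664)

# Constructed `iptables-save` excerpt for a hypothetical internal firewall.
SAMPLE = """\
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 10.0.9.0/24 -p tcp -m multiport --dports 16992:16993 -j ACCEPT
-A FORWARD -p tcp -m multiport --dports 16992:16995,623 -j DROP
-A FORWARD -p tcp --dport 22 -j ACCEPT
COMMIT
"""

def expand(spec):
    """Turn an iptables port spec such as '16992:16995,623' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(rules, chain="FORWARD"):
    """First-match verdict per AMT port: blocked, blocked-with-exception or open."""
    policy = re.search(rf"^:{chain} (\w+)", rules, re.M).group(1)
    verdict, excepted = {}, set()
    def blocked(port):
        return "blocked-with-exception" if port in excepted else "blocked"
    for line in rules.splitlines():
        target = re.search(r" -j (\w+)", line)
        proto = re.search(r" -p (\w+)", line)
        if not line.startswith(f"-A {chain} ") or not target or (proto and proto.group(1) != "tcp"):
            continue
        dports = re.search(r" --dports? (\S+)", line)
        covered = expand(dports.group(1)) if dports else set(AMT_PORTS)
        scoped = re.search(r" -[sdio] ", line) is not None  # limited by address/interface
        for port in AMT_PORTS:
            if port in verdict or port not in covered:
                continue
            if target.group(1) == "ACCEPT" and scoped:
                excepted.add(port)  # carve-out that sits ahead of any block
            elif target.group(1) == "ACCEPT":
                verdict[port] = "open"
            elif target.group(1) in ("DROP", "REJECT") and not scoped:
                verdict[port] = blocked(port)
    for port in AMT_PORTS:  # ports no rule decided fall through to the chain policy
        verdict.setdefault(port, "open" if policy == "ACCEPT" else blocked(port))
    return verdict
```

On the constructed sample, 664 is missing from the block rule and 16992/16993 are still reachable from one subnet. Jumps to user-defined chains and connection-state matches are not followed, so read the ruleset itself when a verdict is anything other than `blocked`.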
Which ones? Do you have the ability to disable Intel Management in the BIOS?
StormJumper Notebook Virtuoso
katalin_2003 NBR Spectre Super Moderator
It's too late to merge the two.
Please continue here:
http://forum.notebookreview.com/threads/disable-intel-amt.804525/
How to check for the Intel Active Management exploit
Discussion in 'Windows OS and Software' started by hmscott, May 9, 2017.