Por ahi hay un bug presente en los procesadores corei de primera generacion hasta la septima, el cual es una vulnerabilidad a la seguridad, e intel esta dandoel aviso. Ekl bug esta sobre las tecnologias Active Management Technology (AMT), Standard Manageability (ISM) y Small Business Technology (SBT). Aunque estas trcnologias no son para el usuariopromedio, pues no esta por demas se conozca sobre este aviso de intel.
https://security-center.intel.com/advis ... geid=en-frIntel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of PrivilegeProduct family: Intel® Active Management Technology, Intel® Small Business Technology, and Intel® Standard
Impact of vulnerability: Elevation of Privilege
Severity rating: Critical
Summary:
There is an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products. This vulnerability does not exist on Intel-based consumer PCs with consumer firmware, Intel servers utilizing Intel® Server Platform Services (Intel® SPS), or Intel® Xeon® Processor E3 and Intel® Xeon® Processor E5 workstations utilizing Intel® SPS firmware.
For general guidance on this issue please see
https://newsroom.intel.com/news/importa ... -firmware/As Intel becomes aware of computer maker schedules for updated firmware this list will be updated:
HP -
https://support.hp.com/us-en/document/c05507350 Lenovo -
https://support.lenovo.com/us/en/produc ... /LEN-14963 Fujitsu -
http://support.ts.fujitsu.com/content/I ... rmware.asp Description:
There are two ways this vulnerability may be accessed please note that Intel® Small Business Technology is not vulnerable to the first issue.
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel® Active Management Technology (AMT) and Intel® Standard Manageability (ISM).
CVSSv3 9.8 Critical /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology (SBT).
CVSSv3 8.4 High /AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products:
The issue has been observed in Intel manageability firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 for Intel® Active Management Technology, Intel® Small Business Technology, and Intel® Standard Manageability. Versions before 6 or after 11.6 are not impacted.
Recommendations:
Intel has released a downloadable discovery tool located at downloadcenter.intel.com, which will analyze your system for the vulnerability. IT professionals who are familiar with the configuration of their systems and networks can use this tool or can find more details below.
Step 1: Determine if you have an Intel® AMT, Intel® SBA, or Intel® ISM capable system. If you determine that you do not have an Intel® AMT, Intel® SBA, or Intel® ISM capable system then no further action is required.
Step 2: Utilize the INTEL-SA-00075 Detection Guide to assess if your system has the impacted firmware. If you do have a version in the “Resolved Firmware” column no further action is required to secure your system from this vulnerability.
Step 3: Intel highly recommends checking with your system OEM for updated firmware. Firmware versions that resolve the issue have a four digit build number that starts with a “3” (X.X.XX.3XXX) Ex: 8.1.71.3608. (Note: for HP systems please check the table below for versions that are updated but are not 3000)
Step 4: If a firmware update is not available from your OEM, mitigations are provided the INTEL-SA-00075 Mitigation Guide.
For assistance in implementing the mitigations steps provided in this document, please contact Intel Customer Support; from the Technologies section, select Intel® Active Management Technology (Intel® AMT).
https://arstechnica.com/security/2017/0 ... r-10-yearsIntel patches remote hijacking vulnerability that lurked in chips for 7 years
Flaw in remote management feature gives attackers a way to breach networks.Remote management features that have shipped with Intel processors since 2010 contain a critical flaw that gives attackers full control over the computers that run on vulnerable networks, according to advisories published by Intel and the researcher credited with discovering the critical flaw.
Intel has released a patch for the vulnerability, which resides in the chipmaker's Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability. Business customers who buy computers running vPro processors use those services to remotely administer large fleets of computers. The bug doesn't affect chips running on consumer PCs. The chipmaker has rated the vulnerability critical and is recommending vulnerable customers install a firmware patch.
In the company's Monday post, Intel officials wrote:
There is an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products. This vulnerability does not exist on Intel-based consumer PCs.
There are two ways this vulnerability may be accessed please note that Intel® Small Business Technology is not vulnerable to the first issue.
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel® Active Management Technology (AMT) and Intel® Standard Manageability (ISM).
CVSSv3 9.8 Critical /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology (SBT).
CVSSv3 8.4 High /AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
The flaw affects Intel manageability firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 for Intel's Active Management Technology, Small Business Technology, and Standard Manageability platforms. Versions before 6 or after 11.6 are not impacted.
Security experts spent much of Monday assessing the real-world threat posed by the bug. A post published earlier in the day claimed "every Intel platform from Nehalem to Kaby Lake [had] a remotely exploitable security hole" that had gone unfixed for years. Researchers who parsed Intel's advisory, however, said the flaw could likely be exploited over the Internet only when Intel's AMT service was enabled and provisioned inside a network.
Other researchers said the bar for unprivileged network attackers to succeed was probably lower because Windows-based software known as Local Manageability Service exposes the vulnerable AMT service through the operating system's IP address as well.
"This issue is remotely exploitable through the host operating system's IP address if the LMS service is running," HD Moore, who is vice president of research and development at Atredis Partners, told Ars. "Servers with TCP ports 16992 or 16993 exposed and AMT activated would be exploitable through either the AMT's independent IP address, or in the case of LMS being enabled, the host operating systems' IP address. An attacker with access to the ports and knowledge of the vulnerability could obtain the equivalent of authenticated access to the AMT web interface, which in turn can lead to arbitrary code execution on the operating system."
Moore said a query using the Shodan computer search engine detected fewer than 7,000 servers showing they had ports 16992 or 16993 open. Having those ports open is a requirement for the remote attack. That number of servers still represents a potentially substantial threat because tens of thousands of computers could be connected to some of those hosts. Enterprises that have LMS and AMT enabled in their networks should make installing the patch a priority. Those organizations that can't immediately install updates should follow these workaround instructions.
.
