A pair of critical privilege escalation vulnerabilities in Intel’s Active Management Technology (AMT), Standard Manageability (ISM), and Small Business Technology (SBT) firmware could allow an unprivileged attacker to remotely gain network or system privileges. Affected chips date back to 2008, when Intel started using the Nehalem architecture.
The Mitigation Guide released by Intel states that companies using the AMT management solution could be remotely or locally exploitable by attackers, and should start by unprovisioning the Intel Manageability SKU clients. Intel also says disabling or removing the Local Manageability Service (LMS) could mitigate the vulnerability.
“Intel highly recommends that the first step in all mitigation paths is to unprovision the Intel manageability SKU to address the network privilege escalation vulnerability,” reads the mitigation guide. “For provisioned systems, unprovisioning must be performed prior to disabling or removing the LMS.”
One way of figuring out if machines have LMS services enabled is to check if the 16992, 16993, 16994, 16995, 623, and 664 ports are listening for instructions from Intel Manageability Engine. These ports can route traffic directly through the firmware, and network hosts listening on these ports could be used by attackers when pivoting their attack.
While consumer Intel chips do not appear affected, Intel advises affected companies to either check with their OEMs for firmware updates or simply adhere to the published mitigation guide. Affected Intel manageability firmware versions range from 6.0 to 11.6, from 1st generation all the way to 7t generation CPUs.
However, with older machines not being supported anymore by manufacturers, it’s likely they won’t receive the firmware update and IT administrators will have to simply follow Intel’s mitigation guideline.