PINDROP BLOG

Intel Patches Ancient Critical Processor Bug

Intel has released a fix for a vulnerability that’s been sitting undiscovered in the firmware for some of its processors for nearly a decade. The vulnerability could allow an attacker to run arbitrary code on affected machines.

The newly patched bug is found in the firmware for some of the processors Intel makes for business-class PCs and servers. Specifically, the flaw is in the Active Management Technology (AMT), Standard Manageability (ISM), and Small Business Technology firmware, and it affects versions as old as nine years. The vulnerability can give an attacker on the target’s network the ability to run code on vulnerable machines.

Here are the two ways that an attacker could exploit the vulnerability:

  • An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel® Active Management Technology (AMT) and Intel® Standard Manageability (ISM).
  • An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology (SBT).

Intel said in its advisory that the vulnerability doesn’t affect any consumer PCs with Intel processors, but said the bug should be considered critical. The vulnerability affects most of the servers with Intel processors released in the last nine years.

“The problem is quite simple, the ME controls the network ports and has DMA access to the system. It can arbitrarily read and write to any memory or storage on the system, can bypass disk encryption once it is unlocked, read and write to the screen, and do all of this completely unlogged. Due to the network access abilities, it can also send whatever it finds out to wherever it wants, encrypted or not,” a blog post by Charlie Demerjian of Stone Arch Networking Services on the vulnerability says.

“While these capabilities sounds crazy to put on a PC, they are there for very legitimate reasons. If an IT organization needs to re-image a system, you need to be able to remotely write to disk. Virus cleaning? Scan and write arbitrary bits. User logging and (legitimate) corporate snooping? That too. In short everything you need to manage a box can be exploited in ugly ways.”

Intel is recommending that users upgrades to the fixed firmware versions as soon as possible.

Webinar: TACKLING THE 113% FRAUD INCREASE IN CALL CENTERS