Intel has just patched a serious firmware vulnerability that affects all of its desktop and notebook enterprise products sold in the last nine years. The security flaw left millions of enterprise platforms – from the first-generation Nehalem in 2008 all the way through to 2017’s Kaby Lake currently on the market – vulnerable to hacking.
In the security update released on Monday, Intel said that every enterprise PC installed with Active Management Technology (Intel vPro Suite), Intel Standard Manageability (Intel Servers) and Small Business Technology (versions 6 through to 11.6) were at risk of remote access by unprivileged attackers. Enterprise users have been asked to update their systems as soon as possible with the patch released by Intel, which is said to be able to fill the security holes left open by its enterprise remote management features.
Intel was also quick to emphasise that no consumer PCs or data server centres powered by Intel Server Platform Services are affected.
So What Was The Problem?
Active Management Technology (AMT), Intel Standard Manageability (ISM) and Small Business Technology (SBT) are powerful features in Intel firmware for enterprise IT and remote management, allowing system administrators to remotely track, manage and secure up to thousands of connected computers.
But what makes these features so powerful is also what makes them vulnerable to attack. Hackers could use the security flaw in these features to take over remote management functions and control entire fleets of PCs, either locally or remotely – allowing them to manipulate or steal data, silently tamper with the network, install virtually undetectable malware and so on.
Even more worrying than the risk itself is the fact that Intel had apparently known about the vulnerabilities for more than five years, and their slow response has drawn harsh criticism for not realising – and acting on – the seriousness of the potential threat.
Intel has pushed for all enterprise PC users to perform overall security checks and update their firmware as soon as possible.
The patch they developed will resolve the issue, but to get the patch you need a firmware-level update distributed by your manufacturer, and it will depend on individual manufacturers as to how quickly these updates will be released.
Intel is working with manufacturers to roll out the patch to users hopefully within the next few weeks. But in the meantime, you can use Intel’s Detection Guide to check if your system is vulnerable, and then follow the steps in their Mitigation Guide.
While Intel has stated that they “are not aware of any exploitation of this vulnerability”, Cymax has already taken steps to mitigate the risk while all identified systems are patched.