Uncategorized

Gigabyte update for Intel AMT vulnerability

https://www.gigabyte.com/Press/News/1562

 

GIGABYTE Updating BIOS for Q270 and Q170 Series Motherboards in Response to Intel Updates

2017/07/12

Taipei, Taiwan, July 12th, 2017 – GIGABYTE TECHNOLOGY Co. Ltd., a leading manufacturer of motherboards and graphics cards, announces that it is in the process to update BIOS for Q270, Q170, and X170-WS ECC Series Motherboards. Based on latest Intel ME firmware updates, GIGABYTE will update BIOS for Q270 and models of previous chipsets accordingly to ensure the models meet latest security standards. GIGABYTE updated the BIOS for X170, X150, B150 and B250 models that are already available on GBT website. On the other hand, GIGABYTE is also updating Q87, Q85, B85, and other impacted models. The updates will be available shortly on the GBT website. For updates to these Motherboards please visit their respective product pages or speak with your technical support team for assistance. GIGABYTE strives to make sure users receive the best-in-class performance while maintaining the upmost security for all products.

http://techreport.com/news/32237/gigabyte-begins-rolling-out-bios-updates-to-close-intel-amt-hole

https://www.eteknix.com/gigabyte-bios-fix-intel-mangeability/

Standard
Uncategorized

Intel AMT and JavaScript

Now that Intel® AMT 11.6 is released, it’s finally time to circle back and highlight a big new feature of 11.6 that has been in the works for a long time: Web Storage and the ability for the default Intel® AMT web UI to be replaced. Ever since the start, Intel® AMT has always had a basic web page you could access with any browser. Because it’s all out-of-band, you could access the web page from a browser even if the target computer was soft-off, sleeping or had a non-functioning operating system. Over the last 10 years, the web has come a long way. The built-in Intel® AMT web page offers basic capabilities, but we can do a lot better now with HTML5 and WebSockets.[…]

https://software.intel.com/en-us/blogs/2017/02/13/meshcommander-v044-released

https://software.intel.com/en-us/search/site/language/en?query=AMT

Standard
Uncategorized

Paul’s Intel AMT overview

A few days ago, Paul English of PreOS Security wrote a blog post giving an brief overview of the recent Intel AMT vulnerability.

[Note: We’re going to try and post a blog entry for major firmware vulnerabilities that impact enterprises, and the recent Intel AMT vulnerability seems like a good place to start.]

http://preossec.com/blog/2017/06/17/intel-amt-cve/

[Disclaimer: I work with Paul, at PreOS Security.]

 

Standard
Uncategorized

Siemens updates for Intel AMT

Siemens has updated their products for Intel AMT vulnerability:

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235.pdf

https://threatpost.com/siemens-patches-critical-intel-amt-flaw-in-industrial-products/126652/
https://www.theregister.co.uk/2017/07/03/intel_amt_bug_bit_siemens_industrial_pcs/

Standard
Uncategorized

Intel AMT Clickjacking Vulnerability (INTEL-SA-00081)

Today Intel announced a NEW AMT security advisory:

Intel® AMT Clickjacking Vulnerability
Intel ID: INTEL-SA-00081
Product family: Intel® Active Management Technology
Impact of vulnerability: Information Disclosure
Severity rating: Moderate
Original release: Jun 05, 2017

Insufficient clickjacking protection in the Web User Interface of Intel® AMT firmware versions before 9.1.40.100, 9.5.60.1952, 10.0.0.50.1004 and 11.0.0.1205 potentially allowing a remote attacker to hijack users’s web clicks via attacker’s crafted web page. Affected products: Intel AMT firmware versions before 9.1.40.100, 9.5.60.1952, 10.0.0.50.1004 and 11.0.0.1205. Intel highly recommends that users update to the latest version of firmware available from their equipment manufacturer. Intel would like to thank Lenovo for reporting this issue and working with us on coordinated disclosure.[…]

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00081&languageid=en-fr

 

Standard
Uncategorized

More on malware use of Intel AMT

After the recent Microsoft mention of AMT being used by malware, there is a bit more on the press on AMT:

https://www.bleepingcomputer.com/news/security/malware-uses-obscure-intel-cpu-feature-to-steal-data-and-avoid-firewalls/

Standard
Uncategorized

Microsoft on malware use of Intel AMT

If you thought the recent Intel AMT security issues was just theoretical, here’s an example of malware using AMT.

https://blogs.technet.microsoft.com/mmpc/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/?platform=hootsuite

Standard