[e1-531g]

INTEL-SA-00075

Intel patches remote hijacking vulnerability that lurked in chips for 7 years

Explained — How Intel AMT Vulnerability Allows to Hack Computers Remotely

What You Need To Know About The Intel AMT Vulnerability

Quote:

May 5, 2017 – Embedi For the first time since Intel made the Intel ME vulnerability known to the public, Embedi has now been granted permission to reveal the technical details publicly. Embedi, which detected the Intel AMT vulnerability in mid-February of this year, feared releasing the details before it was fixed would spark attacks on Intel AMT business users. Intel representatives were informed in March

The Intel AMT vulnerability is the first of its kind. The exploitation allows an attacker to get full control over a business computers, even if they are turned off (but still plugged into an outlet). We really hope by bringing this to light, it will raise awareness about security issues in firmware and avoid possible issues in the future.

By nature, the Intel AMT exploitation bypasses authentication. In other words, an attacker may now credentials and still be able to use the Intel AMT functionality. Access to ports 16992/16993 are the only requirement to perform a successful attack.