Intel’s Active Management Technology (AMT) is a remote management feature built into Intel chips, and it’s been around for a while. If the words “remote management” touch a nerve with you… they probably should. Any time you see the term, it usually means something is opening a door somewhere that allows somebody not sitting at the machine to take control of it. And that’s exactly what it means with Intel’s AMT.
Intel’s AMT is a hardware and firmware technology that allows an admin or owner to monitor, maintain, and repair a system from a remote location. Because it’s built directly into the chip (a.k.a. hardware-based), with its own firmware, it does not need the operating system to be running in order to access non-OS functions, but it can be used in conjunction with other software management applications for greater access.
AMT has been around since 2010, and unfortunately so has the flaw in its firmware. The flaw can be, as you may have guessed, remotely exploited. An attacker can access AMT with escalated privileges, which gives the attacker control of the system via AMT and ISM (Intel Standard Manageability) or SBT (Intel Small Business Technology). All of this is made possible through a flaw in Intel’s ME (Management Engine), which wraps around each of the firmware components just mentioned. So really, it’s the whole architecture of Intel’s management suite that is broken.
NOTE: This flaw mostly affects workstations and servers with vPro chips. According to Intel, “This vulnerability does not exist on Intel-based consumer PCs.” (Intel’s official post)
The largest problem we can see so far is that it is becoming unclear how long Intel has known about the bug. There have been claims that Intel was made aware of the flaw back in 2013 and simply ignored the warning, deeming the risk of exploitation very low to improbable. Unfortunately, the flaw was found, and not just by one team, hence Intel’s rush to patch.
So where does Intel go from here? Well, the patch they’ve created should work well enough, but the problem is how to push it out to the affected chips. Intel has to rely on the vendors to update the firmware for the chips, as it’s really not their place to do so. Which means if you’re running one of the vPro chips, you should probably start figuring out where you’re going to get this patch from.
Stay vigilant, stay aware and good luck.