Image Image Image Image Image Image Image Image Image

Cyber Risk: Critical Intel Vulnerability

Intel confirmed that a critical vulnerability exists in computers running an affected version of the Intel Active Management Technology (AMT), Intel Standard Manageability (ISM) and Intel Small Business Technology. This is a hardware-level vulnerability and undermines security or controls implemented at the operating system or application levels.

In brief, it allows an attacker to gain administrative privileges to system memory (even worse, access is not logged [no audit trails] from this attack vector).

If you haven’t already, please review systems in your environment to validate whether any are vulnerable. If they are, you should strongly consider an expedited approach to patching and remediating this issue.

Feel free to reach out to our team of Cyber professionals if you have any questions! You can always reach me at dbuchanan@delapcpa.com.

Resources:

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2017-5689

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5689

Update: The following link is for Intel’s detection tool. Use this as a way to validate whether a system is vulnerable.

https://downloadcenter.intel.com/download/26755