Today we are releasing four security advisories addressing 9 vulnerabilities that were all internally found by Intel except for INTEL-SA-00405 which was reported through our bug bounty program. We believe that transparency around the issues we find internally helps our customers to more accurately make risk assessments and we continue to invest heavily in internal research as well as through our bug bounty program.
For today’s release, we encourage customers to review INTEL-SA-00404, Intel® Active Management Technology (AMT) Advisory. This advisory addresses an internally found, CVSS 9.8 vulnerability, within a third party component used in AMT. AMT is part of the Intel® vPro® platform and is primarily used by enterprise IT shops for remote management of corporate systems. The issue we discovered could allow an unauthenticated user to escalate privileges on AMT provisioned systems across the corporate network. For customers using Intel® vPro® systems that do not have AMT provisioned, an authenticated user with local access to the system may still be able to escalate privileges. If the platform is configured to use Client Initiated Remote Access (CIRA) and environment detection is set to indicate that the platform is always outside the corporate network, the system is in CIRA-only mode and is not exposed to the network vector.
While we are not aware of the AMT issue being used in active attacks, Intel has provided detection guidance to various security vendors who have released signatures into their intrusion detection/prevention products as an extra measure to help protect customers as they plan their deployment of this update.
For applicable advisories, please check with your system manufacturer for updates. You can find a list of support sites HERE.
Director of Communications
Intel Product Assurance and Security