On Monday, May 1st, 2017, Intel released a security advisory with a critical severity rating for several components — specifically Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology products. These products enable, among other things, remote management and monitoring of systems. Multiple news agencies and online tech forums are covering this issue. However, as word spreads, facts can become clouded by Fear, Uncertainty, and Doubt (FUD). Hopefully, in this blog post, we’ll be able to help you separate the facts from the FUD.
When this information was released, we immediately began receiving questions from our clients. There is serious concern if this leaves them exposed to a potential security compromise. To help address this unease, we have researched the problem and put together information to help inform anyone that might be impacted. We have also come up with some step-by-step action plans customized to a client’s specific situation to help eliminate or reduce the security vulnerabilities. We are here to help and encourage anyone needing assistance to contact us for additional help.
Q: Is this flaw serious?
A: Yes. Intel released the advisory with a “critical severity” level. The security advisory contains statements that, “An unprivileged network attacker could gain system privileges,” and, “An unprivileged local attacker could… [gain] unprivileged network or local system privileges.” So, yes, it is absolutely serious.
Q: Should we be afraid?
A: No. Please combat fear with facts. Intel has released detailed information on:
- How to identify which systems are impacted,
- How to tell whether an OEM’s latest firmware release includes a patch, and
- How to mitigate the risk while waiting for a patch.
Q: “I read online that this flaw will give hackers access to <Fill in the Blank>!”
A: PLEASE refer to official advisories from Intel or from your hardware OEMs when detecting and remediating this issue. When issues like this arise, malicious persons often release false information in an effort to exploit others, to gain unauthorized access to systems, or to cause damage.
Q: How long has this flaw existed?
A: From the latest reports, the flaw dates back to sometime in 2008.
Q: How can we tell whether our systems are affected?
A: Since the flaw has been around for approximately nine years, the odds are very good that systems in your environment are at risk. Within the Intel advisory, there are links detailing how to determine whether systems are affected by the flaw.
Q: Where can I read the advisory from Intel?
A: You can read it here.
Q: My system does not use Intel vPro processors. Does that mean it is not affected?
A: Not necessarily. AMT is part of vPro, but ISM is not. So, please consult the Intel advisory to determine whether your systems are affected.
Q: When will manufacturers release patches for this issue?
A: Manufacturers of servers, workstations, laptops, and other devices which are impacted by this issue will need to test, validate, and package the patch for this flaw before they can release it on their devices. This process needs to be repeated for each device model that they manufacture. So, while the manufacturers will work diligently to release patches for this flaw, it will take time. In the meantime, the Intel security advisory includes details on how to mitigate the risks while awaiting patches from the OEM. You can find those steps here.
Q: How can flaws like this exist for so long without anyone detecting them?
A: Flaws like this exist because computer software is written by humans, and humans make mistakes. When we factor in the complicated realities of modern software development, flaws like this occur. As an example, in the seemingly less complicated world of physical locks, in 2004, a severe security flaw was found in Kryptonite bicycle U-locks. Specifically, the locking mechanism could be unlocked in seconds using only a disposable pen.
The most important thing to remember at times like this is to fight Fear, Uncertainty, and Doubt (FUD) with facts. Always ensure that patches which you download come from the OEM. Always ensure that detection, remediation, and repair information comes from reputable sources. In situations like this, fear is the enemy.