How to remote hijack computers using Intel's insecure chips: Just use an empty login string

Exploit to pwn systems using vPro and AMT

Now we play the waiting game: Show us the fixes

So where are we at with these patches, which must be distributed by the machine vendors presumably because they need to sign off on the firmware updates before they're put into customers' hands. We pinged some of the major suppliers of Intel-powered biz boxes for a status update. Here's what we got back:

HP Inc

A spokeswoman told us the PC maker will be in touch with its customers with details of the firmware updates, adding that the HP Inc is "working closely with Intel to validate and implement their firmware update and assist our customers in mitigation of potential risks." The complete list of affected products is here: there is a staggering shedload of products hit by this bug.

"This vulnerability is a security flaw that originated in the development and deployment of Intel's manageability firmware," the HP Inc rep told The Register.

"HP and Intel are working closely together to ensure there are appropriate fixes and tools for customers and their specific environments. HP is coordinating with our customers on a deployment plan. Our top priority is mitigating security issues and deployment complexity for our customers."

Patches are due to arrive toward the end of this month and into June, depending on the product family.

Lenovo

The PC slinger has an extensive page here detailing which machines are affected, and when fixes are likely to land – mostly from May 24 onwards into June. ThinkCentre, ThinkPad, ThinkServer, and ThinkStation lines are affected.

"Lenovo is fully aware of the firmware vulnerability in some versions of Intel’s manageability features that impacts certain Lenovo as well as other manufacturers’ PC devices," a spokesman for Lenovo told us.

"Lenovo’s Product Security Incident Response Team (PSIRT) is working closely with Intel on a permanent solution to the vulnerability. In the meantime, Lenovo is recommending all customers take the following steps to mitigate the problem:

"The network vulnerability can be mitigated by un-provisioning the Intel manageability SKU (AMT and ISM) or disabling the Intel manageability technology within the Intel MEBx. The local vulnerability can be mitigated by disabling or uninstalling Local Manageability Service (LMS) on Intel manageability SKUs (AMT, ISM, and SBT)."

That local vulnerability is a real but separate issue: if you have vPro and AMT present and enabled on your computer but not provisioned, you are still at risk from a local privilege escalation, as detailed in Intel's original advisory.

Fujitsu

The Japanese IT giant has a page here listing steps to check if you're affected and how to get the firmware updates needed.

Hewlett Packard Enterprise

No one was available to comment nor confirm availability of any patches, if necessary.

Dell

No one was available to comment nor confirm availability of any patches, if necessary.

Cisco

The networking and server equipment supplier says it is not affected. "Cisco PSIRT is aware of this issue," a Cisco spokesperson told us.

"At this time, our investigation has not identified any affected Cisco technology. If something new is found that our customers need to be aware of and respond to, we will make sure our customers know what it is and how to fix it through our established disclosure processes."

Apple

Apple's x86-powered Macs are not affected as they do not ship with Intel's AMT software. ®




Biting the hand that feeds IT © 1998–2019