https://community.intel.com/t5/Intel-vPro-Platform/Intel-AMT-quick-temporary-fix-until-new-BIOS-release/m-p/516742#M6099 <P>Sorry I forgot to stop the services before to delete them and checking back, so adding</P><P></P><P>sc stop LMS</P><P>sc stop jhi_service</P> Thu, 11 May 2017 06:27:42 GMT RCarc 2017-05-11T06:27:42Z https://community.intel.com/t5/Intel-vPro-Platform/Intel-AMT-quick-temporary-fix-until-new-BIOS-release/m-p/516740#M6097 <P>My quick temporary fix regarding CVE-2017-5689 vulnerability until you can apply a new BIOS update:</P><P></P><P>Change default admin name account to something random, do not create another admin account:</P><P></P><P></P><P></P><P>Is this approach viable if admin account name is unknown to attacker ?</P><P></P><P>Update 7-05-2017:</P><P>This method was confirmed by other professionals to be effective for protecting your computer from remote AMT login !</P><P></P><P>Renaming default admin name account to something random will protect your computer with AMT active <B>only</B> from other host accessing your AMT computer by LAN or WAN.</P><P></P><P><I>It will NOT protect you from login/attack via local interface with LMS access !!!</I></P><P><I>It is best to use AMT with TLS so connection and traffic will be encrypted and admin name account can't be sniffed !</I></P><P></P><P></P><P>&nbsp;</P>Remember you are still vulnerable from attack via local interface LMS access !!!<P></P><P>If you are looking for 100% protection then follow Intel advisory and unprovison and disable AMT !</P><P>&nbsp;</P><A href="https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&amp;languageid=en-fr">https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&amp;languageid=en-fr</A> <A href="https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&amp;languageid=en-fr">https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&amp;languageid=en-fr</A><P></P><P>Message was edited by: Lucian L.</P> Sat, 06 May 2017 12:48:53 GMT https://community.intel.com/t5/Intel-vPro-Platform/Intel-AMT-quick-temporary-fix-until-new-BIOS-release/m-p/516740#M6097 LL4 2017-05-06T12:48:53Z https://community.intel.com/t5/Intel-vPro-Platform/Intel-AMT-quick-temporary-fix-until-new-BIOS-release/m-p/516741#M6098 <P>I just set up the following into a domain-logon script to disable and or delete files as suggested in the INTEL-SA-00075 Mitigation Guide. Can someone confirm whether this fix will be enough until we can apply the announced manufacturers' BIOS patches ?</P><P></P><P>Thanks a lot, Rosario</P><P></P><P>REM disable Intel AMT and LMS for security reasons</P><P>sc config LMS start=disabled</P><P>&nbsp;</P>sc config jhi_service start=disabled<P>rem sc delete LMS</P><P>&nbsp;</P>rem sc delete jhi_service<P>rem erase /f /s /q "<A>C:\Program</A> Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"</P><P>&nbsp;</P>rem erase /f /s /q "<A>C:\Program</A> Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"<P>rem or everything in there</P><P>&nbsp;</P>rem erase /f /s /q "<A>C:\Program</A> Files (x86)\Intel\Intel(R) Management Engine Components\*.*"<P></P><P>rem check back and write into log files:</P><P>netstat -na | findstr "\&lt;16993\&gt; \&lt;16992\&gt; \&lt;16994\&gt; \&lt;16995\&gt; \&lt;623\&gt; \&lt;664\&gt;" &gt;&gt; <A>c:\temp\intelLMS.log</A></P><P>start <A>c:\windows\IntelLMS\Intel-SA-00075-console.exe</A> -f -p <A>c:\temp\</A></P> Wed, 10 May 2017 14:20:04 GMT https://community.intel.com/t5/Intel-vPro-Platform/Intel-AMT-quick-temporary-fix-until-new-BIOS-release/m-p/516741#M6098 RCarc 2017-05-10T14:20:04Z https://community.intel.com/t5/Intel-vPro-Platform/Intel-AMT-quick-temporary-fix-until-new-BIOS-release/m-p/516742#M6099 <P>Sorry I forgot to stop the services before to delete them and checking back, so adding</P><P></P><P>sc stop LMS</P><P>sc stop jhi_service</P> Thu, 11 May 2017 06:27:42 GMT https://community.intel.com/t5/Intel-vPro-Platform/Intel-AMT-quick-temporary-fix-until-new-BIOS-release/m-p/516742#M6099 RCarc 2017-05-11T06:27:42Z