Determine security ramifications to protect personal data and information
109 Discusiones

IPAS: Security Advisories for September 2020

0 1 2,168

Hi everyone,

Today we are releasing four security advisories addressing 9 vulnerabilities that were all internally found by Intel except for INTEL-SA-00405 which was reported through our bug bounty program. We believe that transparency around the issues we find internally helps our customers to more accurately make risk assessments and we continue to invest heavily in internal research as well as through our bug bounty program.

For today’s release, we encourage customers to review INTEL-SA-00404, Intel® Active Management Technology (AMT) Advisory. This advisory addresses an internally found, CVSS 9.8 vulnerability, within a third party component used in AMT. AMT is part of the Intel® vPro® platform and is primarily used by enterprise IT shops for remote management of corporate systems. The issue we discovered could allow an unauthenticated user to escalate privileges on AMT provisioned systems across the corporate network. For customers using Intel® vPro® systems that do not have AMT provisioned, an authenticated user with local access to the system may still be able to escalate privileges. If the platform is configured to use Client Initiated Remote Access (CIRA) and environment detection is set to indicate that the platform is always outside the corporate network, the system is in CIRA-only mode and is not exposed to the network vector.

While we are not aware of the AMT issue being used in active attacks, Intel has provided detection guidance to various security vendors who have released signatures into their intrusion detection/prevention products as an extra measure to help protect customers as they plan their deployment of this update.

For applicable advisories, please check with your system manufacturer for updates. You can find a list of support sites HERE.


Jerry Bryant
Director of Communications
Intel Product Assurance and Security
Acerca del autor
Intel Product Assurance and Security (IPAS) is designed to serve as a security center of excellence – a sort of mission control – that looks across all of Intel. Beyond addressing the security issues of today, we are looking longer-term at the evolving threat landscape and continuously improving product security in the years ahead.
1 Comentario

I have got a Laptop "HP EliteBook 1040 G3" with Intel Core i7-6600U CPU 2.6 GHz. I have just updated the firmare Intel CSME to of HP web.
If I run CSME Detection Tool v9.0.3.0, it say that my laptop is VULNERABLE in CSME
What is reason?