Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2834 Discussions

AMT vulnerability

SBohl1
Beginner
‎01-23-2018 08:25 AM
1,811 Views

I am looking to find some concrete information on what steps will need to be taken in order to mitigate the AMT vulnerability (CVE-2017-5689) in our environment and would appreciate any help/information that can be provided.

  1. We have never provisioned Intel AMT. Does this mean we are not vulnerable, or does the existence of AMT in the BIOS automatically make a device vulnerable to exploit?
  2. I do see the UNS and LMS services running on well over a hundred devices in our environment. Does any potential exploit target these services? Will simply disabling these services mitigate any vulnerability?
  3. We have many devices that I am sure have AMT that appear not to have these services even installed. Are they vulnerable?

My goal is to not have to update the BIOS on 1500 or more systems, especially since we have never made use of AMT. If I can simply disable services on devices by script within Windows, and ignore devices that don't have the services, that is the ideal outcome.

Thank you for any help provided.

Sean

0 Kudos

Link Copied

3 Replies
SBohl1
Beginner
‎01-24-2018 08:08 AM
683 Views

As an update to this request for information, I found that even after running the mitigation tool against a device and taking the following three steps, unprovision (which it reported that it was never provisioned, as it should), disable client remote capabilities, and disable LMS services, and then re-running the discovery the device is still being reported as vulnerable. Is the mitigation tool not intelligent enough to determine that mitigation steps have been taken, or is there still a problem?

Again, thank you for any assistance.

Sean

0 Kudos
Copy link
idata
Employee
‎01-26-2018 01:42 PM
683 Views
In response to SBohl1

Hi Sean,

 

 

My understanding from your post is that your goal is to not have to update the BIOS on 1500+ systems and that you have run the detection and mitigation tool for Intel SA-00075. While performing the mitigation steps will help, your systems will still be considered vulnerable (even when re-running the tool against mitigated systems) until the firmware update for SA-00075 has been applied.

 

 

I could not tell from your post if you use a central management tool in your environment, like SCCM. There are methods for performing queries of your environment to determine systems that are vulnerable and then create a task to update the firmware.

 

 

Referencing one post that might be helpful:

 

https://communities.intel.com/thread/120105 https://communities.intel.com/thread/120105

 

 

Please let me know if there is anything further I can assist with.

 

 

Regards,

 

Michael A

 

 

 

 

 

https://downloadcenter.intel.com/download/26755
In response to SBohl1
0 Kudos
Copy link
idata
Employee
‎02-01-2018 01:47 PM
683 Views
In response to idata

Hi Sean,

 

 

Checking to see if you had further questions.

 

Regards,

 

Michael
In response to idata
0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.