My quick temporary fix regarding the CVE-2017-5689 vulnerability until you can apply a new BIOS update:
Change the default admin account name to something random; do not create another admin account.
Is this approach viable if the admin account name is unknown to the attacker?
This method was confirmed by other professionals to be effective for protecting your computer from remote AMT login!
Renaming the default admin account name to something random will protect your computer with AMT active only from other hosts accessing your AMT computer by LAN or WAN.
It will NOT protect you from login/attack via the local interface with LMS access!!!
It is best to use AMT with TLS so the connection and traffic will be encrypted and the admin account name can't be sniffed!
Remember you are still vulnerable to attack via the local interface LMS access!!!
If you are looking for 100% protection then follow the Intel advisory and unprovision and disable AMT!
Message was edited by: Lucian L.
I just set up the following in a domain logon script to disable and/or delete files as suggested in the INTEL-SA-00075 Mitigation Guide. Can someone confirm whether this fix will be enough until we can apply the announced manufacturers' BIOS patches?
Thanks a lot, Rosario
REM disable Intel AMT and LMS for security reasons
rem sc.exe expects a space after "start=" (required on older Windows versions)
sc config LMS start= disabled
sc config jhi_service start= disabled
rem sc delete LMS
rem sc delete jhi_service
rem erase /f /s /q "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
rem erase /f /s /q "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
rem or everything in there
rem erase /f /s /q "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\*.*"
rem check back and write into log files:
netstat -na | findstr "\<16993\> \<16992\> \<16994\> \<16995\> \<623\> \<664\>" >> c:\temp\intelLMS.log
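
Added example, not part of the post above or of Intel's guide: the `findstr` check matches a port number anywhere on a line, so an outbound connection to a remote port 623 is logged the same way as a local listener. This Python sketch parses collected `netstat -na` output and reports only rows whose local port is in the post's list; the sample output and the function names are constructed for illustration.

```python
import re

# Ports taken from the findstr pattern in the post above.
AMT_PORTS = {16992, 16993, 16994, 16995, 623, 664}

# Constructed sample of `netstat -na` output (not captured from a real host).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:16992          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:16993        0.0.0.0:0              LISTENING
  TCP    192.0.2.10:49712       198.51.100.7:623       ESTABLISHED
  TCP    192.0.2.10:16994       192.0.2.44:50321       ESTABLISHED
  TCP    [::]:16992             [::]:0                 LISTENING
  UDP    0.0.0.0:623            *:*
  UDP    0.0.0.0:6230           *:*
"""

# Proto, local endpoint, foreign endpoint, optional state (UDP rows have none).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$", re.I)


def split_port(endpoint):
    """Split 'host:port' or '[v6]:port' on the last colon."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def amt_findings(netstat_text, ports=AMT_PORTS):
    """Return (proto, local_host, local_port, state, loopback_only) for rows
    whose LOCAL port is in `ports`; foreign-port matches are ignored."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or unrelated line
        proto, local, _foreign, state = m.groups()
        host, port = split_port(local)
        if port not in ports:
            continue
        loopback = host in ("127.0.0.1", "[::1]")
        findings.append((proto.upper(), host, port, (state or "BOUND").upper(), loopback))
    return findings


if __name__ == "__main__":
    for finding in amt_findings(SAMPLE):
        print(finding)
```
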