Security
Determine security ramifications to protect personal data and information
106 Discussions

IPAS: Security Advisories for September 2020

IPAS_Security
Employee
‎09-08-2020 10:00 AM
0 1 1,973
sept2020.jpg

Hi everyone,

Today we are releasing four security advisories addressing 9 vulnerabilities that were all internally found by Intel except for INTEL-SA-00405 which was reported through our bug bounty program. We believe that transparency around the issues we find internally helps our customers to more accurately make risk assessments and we continue to invest heavily in internal research as well as through our bug bounty program.

For today’s release, we encourage customers to review INTEL-SA-00404, Intel® Active Management Technology (AMT) Advisory. This advisory addresses an internally found, CVSS 9.8 vulnerability, within a third party component used in AMT. AMT is part of the Intel® vPro® platform and is primarily used by enterprise IT shops for remote management of corporate systems. The issue we discovered could allow an unauthenticated user to escalate privileges on AMT provisioned systems across the corporate network. For customers using Intel® vPro® systems that do not have AMT provisioned, an authenticated user with local access to the system may still be able to escalate privileges. If the platform is configured to use Client Initiated Remote Access (CIRA) and environment detection is set to indicate that the platform is always outside the corporate network, the system is in CIRA-only mode and is not exposed to the network vector.

While we are not aware of the AMT issue being used in active attacks, Intel has provided detection guidance to various security vendors who have released signatures into their intrusion detection/prevention products as an extra measure to help protect customers as they plan their deployment of this update.

For applicable advisories, please check with your system manufacturer for updates. You can find a list of support sites HERE.

Regards,

Jerry Bryant
Director of Communications
Intel Product Assurance and Security
0 Kudos
About the Author
Intel Product Assurance and Security (IPAS) is designed to serve as a security center of excellence – a sort of mission control – that looks across all of Intel. Beyond addressing the security issues of today, we are looking longer-term at the evolving threat landscape and continuously improving product security in the years ahead.
1 Comment
ACasado
Beginner
‎03-07-2024 04:09 AM

I have got a Laptop "HP EliteBook 1040 G3" with Intel Core i7-6600U CPU 2.6 GHz. I have just updated the firmare Intel CSME to 11.8.93.4323 of HP web.
If I run CSME Detection Tool v9.0.3.0, it say that my laptop is VULNERABLE in CSME
What is reason?

 

Regards

0 Kudos

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.