Intel's AMT remote vulnerability
Intel's AMT remote vulnerability
[Security] Posted May 2, 2017 13:39 UTC (Tue) by corbet
The fears of vulnerabilities lurking in Intel's "management engine"
technology have just shown some validity: Intel has announced
a remotely exploitable vulnerability in it's "active management technology"
engine. "There is an escalation of privilege vulnerability in Intel
Active Management Technology (AMT), Intel Standard Manageability (ISM),
and Intel Small Business Technology versions firmware versions 6.x, 7.x,
8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker
to gain control of the manageability features provided by these products.
This vulnerability does not exist on Intel-based consumer PCs.
"
See Matthew Garrett's writeup for a more comprehensible summary of what is known at this time.