Intel detailed the impact of the vulnerability in a public disclosure made yesterday. The company described how the “escalation of privilege” attack lets hackers target thousands of machines fitted with Intel Active Management Technology, Standard Manageability or Small Business Technology systems.
As discovered by SemiAccurate over five years ago, Intel firmware versions ranging from 6.x up to 11.6 are known to be affected. Security researchers have suggested the threat posed by the issue is significant but likely to be mitigated by protections around the affected software services. To remotely hijack a PC over the Internet, an attacker would also have to bypass some Windows services.
An analysis of the number of affected machines currently in use worldwide uncovered around 7,000 PCs. Ars Technica reports HD Moore, vice president of research and development at Atredis Partners, ran a port scan across the Internet to find computers with ports 16992 and 16993 left open. Intel’s Active Management Technology uses these ports to communicate over networks. The vulnerability can only be exploited if they are open.
While this limits the scope for remote network-based attacks, physical access remains an option. An employee or user within a company could escalate their regular low-level privileges to system level, giving them control of the device. It’s a less common attack vector but one that represents a rising concern for larger companies.
Although the number of vulnerable PCs is relatively low, hundreds of thousands of machines will have been shipped worldwide with the affected chips. Intel’s vPro products are popular with businesses and are frequently found in workstation machines. The software in which the flaw was found is used by corporate IT departments to remotely manage hundreds of computers at once.
In its disclosure, Intel ranked the problem as “critical” and advised customers to immediately install updated firmware that resolves the issue. The company has backported its patch to all the affected firmware versions to ensure every impacted processor model is covered.
Although an update is now available, Intel’s leaving it up to individual hardware manufacturers to distribute the fix. Because of this, it’s unlikely that all the affected devices will receive the patch, leaving some vulnerable for the rest of their life.
Intel has published a list of mitigations to use if no update is available. They mostly focus on disabling its Active Management Software though, something that won’t be feasible in many business use cases. As is so often the case with cybersecurity alerts, some device owners will be forced to stay at risk long past the development of a fix. Even where updates are available it’s likely organisations will postpone their release until a more convenient time.
