MR - stock.adobe.com
Intel patches critical flaw in Active Management Technology
Intel's Patch Tuesday featured four security advisories, including a critical flaw in Active Management Technology that could allow an attacker privilege escalation.
Intel released a security advisory that addresses nine vulnerabilities, including a critical flaw in the chipmaker's Active Management Technology platform.
The vulnerability, CVE-2020-8758, scored a 9.8 out of 10 on the CVSS scale and if exploited could allow an unauthenticated user to escalate privileges. As part of Intel's vPro platform, Active Management Technology (ATM) is a hardware-based technology that operates independently of the operating system and is primarily used by enterprise IT shops for remote management of corporate systems. It's also partially used to deploy security patches and firmware updates. According to the advisory, Intel said there's no indication of the AMT flaw being used in active attacks.
Intel's Patch Tuesday included four security advisories in total, which affect Intel Driver and Support Assistant, BIOS firmware for multiple Intel platforms, Intel AMT and Intel Standard Manageability. Eight of the vulnerabilities were found internally by Intel's Product Assurance and Security team, including the most severe AMT flaw, and one was reported through Intel's bug bounty program.
Intel warned of additional issues as well.
"For customers using Intel vPro systems that do not have AMT provisioned, an authenticated user with local access to the system may still be able to escalate privileges," Jerry Bryant, director of communications, wrote in a blog post.
Intel worked with various security vendors to release patches and recommend updating to the latest version.
"The high severity of the AMT security vulnerability is because it affects Intel AMT managed systems. AMT, by nature, is designed to manage systems at a very low level. AMT can repair and manage devices independently of their host operating systems. So an attacker could potentially bypass any and all security measures implemented at the OS level," Ryan Seguin, research engineer at Tenable, said in an email to SearchSecurity.
AMT has had its share of security issues recently.
In 2017, Intel revealed an authentication bypass vulnerability in AMT. Intel did not initially release the technical details of the AMT authentication bypass, but security researchers at Tenable contacted Intel two days after the disclosure with a proof-of-concept exploit. Intel later posted full details of the flaw, along with a discovery tool and mitigation methods.
In 2018, researchers at security vendor F-Secure discovered insecure defaults in Intel's AMT, which could allow an intruder to completely bypass login credentials in most corporate laptops in 30 seconds. The issue allowed anyone with physical access to vulnerable devices to bypass the need to enter credentials. While it was technically not a vulnerability, researchers said the issue affected most corporate laptops that support Intel Management Engine or AMT.
For the most recent Intel AMT flaw, Seguin says the greatest risk of exploitation is the potential for an attacker to install a rootkit on a vulnerable device. "Since AMT allows users to manage device firmware, it's entirely possible that the only way to mitigate an installed rootkit would be to physically replace the affected device," he said.