In a classic case of “better late than never” Intel has informed customers it has finally eradicated its INTEL-SA-00075 bug and provided a set of tools to diagnose, mitigate and/or resolve the issue.
From Nehalem to Kaby Lake, every Intel CPU built since the introduction of the Core microarchitecture has been plagued with a security bug which allowed unprivileged network attackers to remotely gain system privileges to computers operating under Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM), usually used in corporate environments to remotely manage your IT assets. The bug relates to a flaw in the Management Engine and while one may think they are impervious because they have the latest patches on their PC, one should check again. Also, you needn’t operate a PC provisioned with AMT or ISM in a business environment to be vulnerable, it seems, you are still vulnerable within a local network.
While most machines will be updated via the OEM’s firmware patches, the bug goes back long enough for you to do your own patching as the computer may have reached its end of support. If that is the case, head on down to Intel’s download center and follow the instructions. If you haven’t found a specific patch for your PC, you can run Intel’s vulnerability detection tool or simply nerf the necessary processes running in the background by following the instructions in Intel’s Mitigation Guide.
The bug discovery was attributed to Maksim Malyutin from Embedi, although we are aware that Charlie Demerjian over at Semiaccurate has been raging about it for years now, and with good reason.
KitGuru Says: While there have been no notable public incidents attributed to this bug, it seems a would-be attacker would have full access to machines operating under the bug. That is downright scary, considering it affects every Intel Core-based machine built in the last 9 years.