Intel issued an advisory on Monday warning of a critical escalation of privilege vulnerability in its firmware that can enable attackers to seize control of its products' manageability features.
According to an Intel Vulnerability Tracking Page set up by SSH Communications Security, Intel has provided OEM partners with a fix, though none of the OEMs has yet released updated firmware.
Specifically, the flaw was found in Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology, firmware versions 6 through 11.6. Various reports state that the bug dates back to approximately 10 years ago.
According to Intel, there are two ways an attack can potentially access the vulnerability: "an unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs" or "an unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs." The first method does not apply to Intel Small Business Technology.
“It is stunning that a vulnerability this severe can exist in practically every Intel server. If, as some sources now say, Intel has known of this vulnerability for years, it can only be an intentional backdoor," Tatu Ylonen, founder and SSH fellow, SSH Communications Security, said in comments sent to SC Media. "It undermines the very fabric of information society. This vulnerability could cause many billions of dollars of damage to enterprises if weaponized against their servers and data. The impact can also be particularly long-term if their internal cybersecurity systems are compromised as a result of this vulnerability.”
Intel advises that affected customers check with their system OEM for updated firmware. For those who cannot yet update their firmware, the company has published a document that details steps for mitigation.
UPDATE: This story has been updated to alert readers that Intel has provided OEM partners with a fix, though none of the OEMs has released it yet, and include commentary from Tatu Ylonen, founder and SSH fellow, SSH Communications Security.