Critical Intel flaw undetected for a decade

Intel has issued a security alert for a critical flaw that has lain undetected in many of its enterprise chipsets for over a decade.

The alert, issued on 1 May, warns of an escalation of privilege vulnerability in Intel Active Management Technology, Intel Standard Manageability and Small Business Technology firmware.

The vulnerability covers multiple versions of the firmware from 6.x and higher, and could allow local attackers to gain unprivileged network or local system privileges on Intel manageability SKUs including AMT.

The AMT and ISM SKUs are also potentially vulnerable to network attacks from unprivileged users. Versions of the manageability firmware after 11.6 are not affected, and the vulnerability does not affect Intel-based consumer PCs.

Intel is urging customers running affected versions of the firmware to seek updated firmware from their OEMs as soon as possible.

But because it will be up to OEMs to issue updated firmware to address the flaw, and to enterprise customers to install the new firmware, many systems are likely to remain unpatched.

If no firmware is available, Intel has issued a mitigation guide detailing potential steps including unprovisioning client systems vulnerable to the issue, disabling or removing the Intel Management and Security Application Local Management Service (LMS), and setting local manageability configuration restrictions.

Image courtesy of Aaron Fulkerson under CC

Follow us on Twitter and Facebook