iTWire reported on this issue — now dubbed Silent Bob — with the strongest advice to disable AMT on any Internet connected devices. To say there are millions of enterprise computers affected would be an understatement.
Intel has reacted quickly and implemented a validated firmware update but the catch 22 is that it needs to come from the computer manufacturer – not the chip maker. But the problem is that the vulnerability relies on manufacturers signed patches that may not be ready for weeks or months. Intel is not aware of hackers exploiting it yet.
According to a ssh communications security comprehensive article on the issue, “The exploit is trivial, max five lines of Python could be doable in a one-line shell command. It gives full control of affected machines, including the ability to read and modify everything. It can be used to install persistent malware (possibly in firmware) and read and modify any data.
The main OEMs are Cisco, HP, HP Enterprise, Lenovo, IBM, SuperMicro, Dell, Oracle, Intel (motherboards) and potentially Apple. But that is the tip of the iceberg as the vulnerability goes back to Intel vPro versions Nehalem released in late 2008 to Intel’s latest Kaby Lake 7th generation processors.
Given the nearly 10 years of vulnerability and the propensity to use white box computers and servers during this time it is likely that only a small percentage will actually ever be patched.
Intel publicly disclosed the AMT security flaw on 1 May and released a downloadable discovery tool a short time later. It also released a mitigation guide, which shows how to disable the AMT, the Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT) software. Disabling these features should keep the systems safe but it is only a short term fix as the features are well used in business.
Chilling is ssh’s comment that you can bet every ATM-enabled system has been compromised by now.
Or Darknet.org’s comment, “This is the scary thing though when hardware manufacturers (without any easy way to patch or address security flaws) deploy completely out-of-band management systems that are TCP/IP enabled and almost definitely have security flaws.”