Intel vulnerability worse than first thought

By Dylan Bushell-Embling
Tuesday, 09 May, 2017

The Intel enterprise chipset privileged access vulnerability first disclosed earlier this month is more critical than originally disclosed, according to the company that discovered the flaw.

Intel issued a security alert warning of a critical escalation of privileges flaw in its Active Management Technology (AMT), Intel Standard Manageability and Small Business Technology firmware.

Smart device security company Embedi, which discovered the AMT vulnerability, has now warned that the exploit allows an attacker to get full control over a business computer even if it is turned off, as long as it is still plugged in.

The vulnerability can allow remote control of a system’s mouse, keyboard and monitor, remote modification of a PC’s boot device and the ability to power on, power off, reboot and reset the computer.

Embedi said the flaw was first discovered in mid-February while studying the internals of Intel ME firmware, but the company feared that releasing the details before Intel could patch the vulnerability would spark attacks on Intel AMT business users.

NCR Corporation has separately warned that many ATMs could be vulnerable to the exploit and will need to be patched.

Microsoft has meanwhile rapidly moved to patch a remote code execution flaw discovered by Google’s Project Zero.

On Friday, Project Zero researcher Tavis Ormandy tweeted that he and fellow researcher Natalie Silvanovich may have discovered “the worst Windows remote code exec in recent memory. This is crazy bad.”

The exploit involves a flaw in the Microsoft Malware Protection Engine used by Windows Defender and other Microsoft anti-malware products that could ironically potentially allow hackers to use the anti-malware software to remotely execute malicious code.

Project Zero gives companies a 90-day window to fix an exploit before disclosing, but Microsoft wasted no time patching the exploit, issuing a critical security update yesterday US time. The protection engine will automatically apply the update within 48 hours of release, the security update states.

Ormandy was impressed with Microsoft’s turnaround time, commenting on Twitter that it was an “amazing response”.

Image courtesy of Aaron Fulkerson under CC

Follow us on Twitter and Facebook