Intel system management security hole worse than feared

The recently-disclosed security issue involving Intel's out-of-band management firmware is more widespread than initially thought, with computers built over the past decade potentially at risk.

Last Tuesday it was revealed a vulnerability allows attackers to access the management feature on specific PCs that have the tool built-in and enabled.

But further analysis has since shown they can do so without authentication.

If the target system runs the Windows Local Manageability Service (LMS), the management feature will be exposed via the computer's IP address. This could be used for remote exploitation of the vulnerability simply by sending an empty authentication string to target systems to gain full administrative access.

As the feature runs independently of the computer's operating system - and provides full access to the PC - the vulnerability could be used for destructive purposes as well as to access sensitive data on devices that expose the feature to the internet.

Security vendor Embedi, which discovered the vulnerability, said the problem first appeared in 2010-2011 when Intel's manageability firmware version 6.0 was released.

Other security vendors such as Tenable have also confirmed the bug. SSH Communications Security principal Tatu Ylönen said the vulnerability is "even worse than I expected" and urged users to disable the management feature on their systems.

Intel said in its security advisory that the issue is found in versions 6.0.x.x, 6.1.x.x and 6.2.x.x of its management firmware, which were released with the first generation of the company's Core processors.

It also revealed that the firmware accompanying Core processors until this year are vulnerable.

Intel has released a detection tool for the vulnerability, which affects its vPro based systems with the Active Management Technology (AMT), Small Business Advantage (SBA), and System Management technologies.

The company said computer makers HP, Lenovo, Fujitsu and Dell are all working with Intel to release fixed firmware for their computers.

A list of vulnerable and affected Lenovo products can be found on the company's website. Fujitsu also published a list of affected systems [pdf], as has with Dell [pdf].

Apple, which users Intel processors in its laptops and desktops, is not vulnerable to the AMT issue, as its devices do not use the feature.

Turning off the management feature in the computer BIOS if it is enabled, and firewalling off TCP ports 623, 664,16992, 16993 and 16994, 16995, mitigates against the vulnerability.