Configuration errors in Intel workstations being labeled a security hole

Security researchers at an antivirus company have documented another potentially serious security hole in an Intel product, this time in the mechanism for performing system updates. The good news, however, is that it is limited to desktops, is a configuration error, and does not appear to impact servers.

Last June, researchers at F-Secure found a flaw in Intel’s Active Management Technology (AMT), a feature used to perform remote updates to advanced desktops using Intel vPro or workstation platforms using Core desktop chips and certain Xeon CPUs. Xeon is primarily a server processor but there are some low-end chips used in high-performance workstations, such as those used in a CAD environment.

AMT is designed to allow administrators to access and perform updates to PCs even if the PCs are turned off, so that they don’t have to go from computer to computer performing updates. Instead, an update is pushed out from a central location.

What F-Secure found is that an attacker can gain full access to an entire machine, including encryption keys. The vulnerability allows a local intruder — key word local — to backdoor almost any corporate laptop in a matter of seconds, even if the BIOS password, TPM Pin, Bitlocker and login credentials are in place.

Leave a Reply

Your email address will not be published. Required fields are marked *