Update on Intel AMT Exploit
As many of you are aware, a rather onerous firmware exploit was discovered in February that affects most modern Intel processors. The exploit has been dubbed "Silent Bob Is Silent" and can grant an adversary remote access to your computer beneath the OS level. This affects not only Windows machines but Mac and Linux as well.
“The exploit is trivial, max five lines of Python, could be doable in one-line shell command. It gives full control of affected machines, including the ability to read and modify everything. It can be used to install persistent malware (possibly in firmware), and read and modify any data. For security servers, it may allow disabling security features, creating fake credentials, or obtaining root keys. … IT folks, KEEP WORKING THROUGH THE WEEKEND, DISABLE AMT NOW or block access to it. This can get ugly.”
Read the full piece HERE
The linked post covers some methods for determining whether your system is vulnerable. It should be noted that the Intel vPro model CPUs are most vulnerable.
I should point out that the SEPIO laptops are not vulnerable to this exploit.
Note: A quick fix you could employ while waiting for a patch is to block the following ports in your router/AP firewall: 16992, 16993, 16994, 16995, 623, 664. This will block it for the time being. I would also disable IPv6 as it uses random IPv6 ports.
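To confirm the block took effect, this added example (not from the original post or the linked piece) probes the six ports listed above on machines you administer, run from the network side the firewall is meant to cut off. The `inventory` list is a constructed placeholder, and only TCP is checked.

```python
import socket

# Ports listed in the note above.
AMT_PORTS = (16992, 16993, 16994, 16995, 623, 664)


def probe(host, port, timeout=2.0):
    """Return 'open', 'closed' (refused) or 'filtered' (no answer/unreachable)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # Host answered with a reset: nothing is listening on this port.
        return "closed"
    except OSError:
        # Timeout or unreachable: consistent with a firewall dropping packets.
        return "filtered"


def audit(hosts, ports=AMT_PORTS, timeout=2.0):
    """Map each host to {port: state} for the given ports."""
    return {h: {p: probe(h, p, timeout) for p in ports} for h in hosts}


def exposed(results):
    """List (host, port) pairs that still accept connections."""
    return sorted((h, p) for h, states in results.items()
                  for p, s in states.items() if s == "open")


if __name__ == "__main__":
    # Constructed inventory: replace with machines you administer.
    inventory = ["127.0.0.1"]
    results = audit(inventory, timeout=1.0)
    for host, states in results.items():
        for port, state in states.items():
            print(f"{host}:{port} {state}")
    if exposed(results):
        print("Still reachable:", exposed(results))
```

A port reported as `open` means the block is not in effect on that path; `filtered` is the result expected once the firewall rule is dropping the traffic.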