Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Remote Privilege Escalation


    Potential Security Impact: Remote or local exploitation of manageability features leading to unprivileged system access

    Summary

    A security vulnerability has been discovered in Intel’s manageability firmware that makes platforms vulnerable to unprivileged system access and impacts all Intel OEMs. The vulnerability is a security flaw that originated in the development and deployment of Intel's Manageability firmware. This results in a vulnerability that allows an unprivileged network or local attacker to gain system privileges on ASUS systems that support Intel manageability (AMT, ISM, and SBT).

    Intel has released a security advisory (https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr) as noted below:

    There is an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products.

    There are two ways this vulnerability may be accessed; please note that Intel® Small Business Technology is not vulnerable to the first issue.

    • An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel® Active Management Technology (AMT) and Intel® Standard Manageability (ISM).
    • An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology (SBT).


    Mitigation Strategy for Customers

    ASUS is working on qualifying and applying the fixes provided by Intel on supported systems. Moreover, Intel has released a downloadable discovery tool located at downloadcenter.intel.com, which will analyze your system for the vulnerability. IT professionals who are familiar with the configuration of their systems and networks can use this tool or can find more details below.

    ·Step 1: Determine if you have an Intel® AMT, Intel® SBA, or Intel® ISM capable system: https://communities.intel.com/docs/DOC-5693. If you determine that you do not have an Intel® AMT, Intel® SBA, or Intel® ISM capable system then no further action is required.

    ·Step 2: Utilize the Detection Guide to assess if your system has the impacted firmware: https://downloadcenter.intel.com/download/26755. If you do have a version in the “Resolved Firmware” column no further action is required to secure your system from this vulnerability.

    ·Step 3: Intel recommends checking with your system OEM for updated firmware. Firmware versions that resolve the issue have a four digit build number that starts with a “3” (X.X.XX.3XXX) Ex: 8.1.71.3608.

    ·Step 4: If a firmware update is not available from your OEM, follow Intel’s Mitigation Guide: https://downloadcenter.intel.com/download/26754

    ·For assistance in implementing the mitigation steps provided in this document, please contact Intel Customer Support; from the Technologies section, select Intel® Active Management Technology (Intel® AMT).
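
    The check in Steps 2 and 3, written out as an added example (not ASUS or Intel code). It applies the build-number rule from Step 3 and, where a model's "Minimum ME FW required for fix" value from the tables on this page is known, compares against it. The installed versions in the inventory are constructed sample values, and how the version string is collected from each machine is left open.

```python
import re

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_me_version(text):
    """Return (major, minor, hotfix, build) as ints, or None if malformed."""
    m = VERSION_RE.match(text.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def branch_is_listed(v):
    """Branches named in the quoted advisory: 6.x-10.x, 11.0, 11.5, 11.6."""
    return 6 <= v[0] <= 10 or (v[0] == 11 and v[1] in (0, 5, 6))

def assess(installed, minimum=None):
    """Classify an ME firmware version string.

    minimum is the optional 'Minimum ME FW required for fix' for the model.
    """
    v = parse_me_version(installed)
    if v is None:
        return "unparseable"
    if not branch_is_listed(v):
        return "branch-not-listed"
    # Step 3: resolved firmware has a four-digit build starting with "3".
    if not 3000 <= v[3] <= 3999:
        return "needs-update"
    m = parse_me_version(minimum) if minimum else None
    # Only compare within the same major.minor branch as the OEM minimum.
    if m and v[:2] == m[:2] and v < m:
        return "needs-update"
    return "resolved"

# Constructed inventory: model names and minimums come from the tables on
# this page; the installed versions are made-up sample values.
INVENTORY = [
    ("D830MT", "11.6.12.3202", "11.6.12.3202"),
    ("BM6675", "8.1.70.1590", "8.1.71.3608"),
    ("B9440UAV", "11.6.10.3196", "11.6.12.3202"),
    ("B551LGV", "9.5.61", "9.5.61.3012"),
]

def report(inventory=INVENTORY):
    return {model: assess(fw, minimum) for model, fw, minimum in inventory}

if __name__ == "__main__":
    for model, status in report().items():
        print(f"{model:10} {status}")
```

    A result of "branch-not-listed" or "unparseable" means the advisory text on this page does not cover that input; it does not mean the system is safe.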

    Product Impact

    Commercial Desktops

    | Product | Impact | Minimum ME FW required for fix | Target available date | ME tool Link to download | Last updated |
    |---|---|---|---|---|---|
    | ASUSPRO D830MT | Affected | 11.6.12.3202 | Available | http://dlcdnet.asus.com/pub/ASUS/Desktop/ME_Update/MEUpdate_KabyLake_V1010.zip?_ga=2.1323638.677128072.1497248581-692794007.1496988959 | 6/12/2017 |
    | ASUSPRO D831MT | Affected | 11.6.12.3202 | Available | http://dlcdnet.asus.com/pub/ASUS/Desktop/ME_Update/MEUpdate_KabyLake_V1010.zip?_ga=2.4820915.102592114.1497425741-40071407.1491613400 | 6/12/2017 |
    | ASUSPRO MD800 | Affected | 11.6.12.3202 | Available | http://dlcdnet.asus.com/pub/ASUS/Desktop/ME_Update/MEUpdate_KabyLake_V1010.zip?_ga=2.4820915.102592114.1497425741-40071407.1491613400 | 6/12/2017 |
    | ASUSPRO D830SF | Affected | 11.6.12.3202 | Available | http://dlcdnet.asus.com/pub/ASUS/Desktop/ME_Update/MEUpdate_KabyLake_V1010.zip?_ga=2.5869491.102592114.1497425741-40071407.1491613400 | 6/12/2017 |
    | ASUSPRO SD800 | Affected | 11.6.12.3202 | Available | http://dlcdnet.asus.com/pub/ASUS/Desktop/ME_Update/MEUpdate_KabyLake_V1010.zip?_ga=2.5869491.102592114.1497425741-40071407.1491613400 | 6/12/2017 |
    | ASUSPRO D630MT | Affected | 11.6.12.3202 | Available | http://dlcdnet.asus.com/pub/ASUS/Desktop/ME_Update/MEUpdate_KabyLake_V1010.zip?_ga=2.50505385.102592114.1497425741-40071407.1491613400 | 6/12/2017 |
    | ASUSPRO D631MT | Affected | 11.6.12.3202 | Available | http://dlcdnet.asus.com/pub/ASUS/Desktop/ME_Update/MEUpdate_KabyLake_V1010.zip?_ga=2.80913303.102592114.1497425741-40071407.1491613400 | 6/12/2017 |
    | ASUSPRO MD590 | Affected | 11.6.12.3202 | Available | http://dlcdnet.asus.com/pub/ASUS/Desktop/ME_Update/MEUpdate_KabyLake_V1010.zip?_ga=2.80913303.102592114.1497425741-40071407.1491613400 | 6/12/2017 |
    | ASUSPRO D630SF | Affected | 11.6.12.3202 | Available | http://dlcdnet.asus.com/pub/ASUS/Desktop/ME_Update/MEUpdate_KabyLake_V1010.zip?_ga=2.50515625.102592114.1497425741-40071407.1491613400 | 6/12/2017 |
    | ASUSPRO SD590 | Affected | 11.6.12.3202 | Available | http://dlcdnet.asus.com/pub/ASUS/Desktop/ME_Update/MEUpdate_KabyLake_V1010.zip?_ga=2.50515625.102592114.1497425741-40071407.1491613400 | 6/12/2017 |
    | ASUSPRO D820MT | Affected | 11.0.18.3003 | 6/23/2017 | - | 5/10/2017 |
    | ASUSPRO BM2CE | Affected | 11.0.18.3003 | 6/23/2017 | - | 5/10/2017 |
    | ASUSPRO BM3CE | Affected | 11.0.18.3003 | 6/23/2017 | - | 5/10/2017 |
    | ASUSPRO MD790 | Affected | 11.0.18.3003 | 6/23/2017 | - | 5/10/2017 |
    | ASUSPRO D820SF | Affected | 11.0.18.3003 | 6/23/2017 | - | 5/10/2017 |
    | ASUSPRO SD790 | Affected | 11.0.18.3003 | 6/23/2017 | - | 5/10/2017 |
    | ASUSPRO D620MT | Affected | 11.0.18.3003 | 6/23/2017 | - | 5/10/2017 |
    | ASUSPRO BM2CF | Affected | 11.0.18.3003 | 6/23/2017 | - | 5/10/2017 |
    | ASUSPRO BM3CF | Affected | 11.0.18.3003 | 6/23/2017 | - | 5/10/2017 |
    | ASUSPRO MD580 | Affected | 11.0.18.3003 | 6/23/2017 | - | 5/10/2017 |
    | ASUSPRO D620SF | Affected | 11.0.18.3003 | 6/23/2017 | - | 5/10/2017 |
    | ASUSPRO SD580 | Affected | 11.0.18.3003 | 6/23/2017 | - | 5/10/2017 |
    | ASUSPRO D520MT | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO BM2CD | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO D521MT | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO MD330 | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO SD330 | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO D520SF | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO BP1CD | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO D320MT | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO BM5CD | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO D320SF | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO BP2CD | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO BM1AE | Affected | 9.1.41.3024 | 7/14/2017 | - | 5/10/2017 |
    | ASUSPRO BM6AE | Affected | 9.1.41.3024 | 7/14/2017 | - | 5/10/2017 |
    | ASUSPRO MD780 | Affected | 9.1.41.3024 | 7/14/2017 | - | 5/10/2017 |
    | ASUSPRO BP1AE | Affected | 9.1.41.3024 | 7/14/2017 | - | 5/10/2017 |
    | ASUSPRO SD780 | Affected | 9.1.41.3024 | 7/14/2017 | - | 5/10/2017 |
    | ASUSPRO D810MT | Affected | 9.1.41.3024 | 7/14/2017 | - | 5/10/2017 |
    | ASUSPRO BM1AF | Affected | 9.1.41.3024 | 7/14/2017 | - | 5/10/2017 |
    | ASUSPRO BM6AF | Affected | 9.1.41.3024 | 7/14/2017 | - | 5/10/2017 |
    | ASUSPRO MD570 | Affected | 9.1.41.3024 | 7/14/2017 | - | 5/10/2017 |
    | ASUSPRO BP1AF | Affected | 9.1.41.3024 | 7/14/2017 | - | 5/10/2017 |
    | ASUSPRO SD570 | Affected | 9.1.41.3024 | 7/14/2017 | - | 5/10/2017 |
    | ASUSPRO BM1AD | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO BP1AD | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO SD310 | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO BM6AD | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO MD310 | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO BM6675 | Affected | 8.1.71.3608 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO BM6875 | Affected | 8.1.71.3608 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO BP6375 | Affected | 8.1.71.3608 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO MD750 | Affected | 8.1.71.3608 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO SD750 | Affected | 8.1.71.3608 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO BT1AG | Affected | 8.1.71.3608 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO SD260 | Affected | 8.1.71.3608 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO BM6635 | Affected | 8.1.71.3608 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO BM6835 | Affected | 8.1.71.3608 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO BP6335 | Affected | 8.1.71.3608 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO MD560 | Affected | 8.1.71.3608 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO SD560 | Affected | 8.1.71.3608 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO BT1AH | Affected | 8.1.71.3608 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO SD250 | Affected | 8.1.71.3608 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO BM6620 | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO MD530 | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO BP6320 | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO SD530 | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO BT6130 | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO SD230 | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO BP6820 | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO BM6660 | Affected | 7.1.91.3272 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO BM6360 | Affected | 7.1.91.3272 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO BP6260 | Affected | 7.1.91.3272 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO MD710 | Affected | 7.1.91.3272 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO SD710 | Affected | 7.1.91.3272 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO BM6650 | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO MD520 | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO BM6630 | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO MD510 | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO BM6350 | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO BM6330 | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO BP6230 | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO SD510 | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO BM5695 | Affected | 6.2.61.3535 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO BM5295 | Affected | 6.2.61.3535 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO BP5295 | Affected | 6.2.61.3535 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO MD700 | Affected | 6.2.61.3535 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO SD700 | Affected | 6.2.61.3535 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO BM5675 | Affected | 6.2.61.3535 | 7/28/2017 | - | 5/10/2017 |
    | ASUSPRO MD500 | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO BM5375 | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO BM5275 | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO BP5275 | Not affected | - | - | - | 5/10/2017 |
    | ASUSPRO SD500 | Not affected | - | - | - | 5/10/2017 |

    Commercial All-in-Ones

    | Product | Impact | Minimum ME FW required for fix | Target available date | ME Tool Download Link | Last updated |
    |---|---|---|---|---|---|
    | ASUSPRO A4321 | Affected | 11.6.12.3202 | 6/23/2017 | - | 5/10/2017 |
    | ASUSPRO A6421 | Affected | 11.6.12.3202 | 6/23/2017 | - | 5/10/2017 |
    | ASUSPRO A6420 | Affected | 11.0.18.3003 | 6/23/2017 | - | 5/10/2017 |
    | ASUSPRO A6420 | Affected | 11.0.18.3003 | 6/23/2017 | - | 5/10/2017 |
    | ASUSPRO A4110 | Not affected | - | - | - | 5/10/2017 |

    Commercial Notebooks

    | Product | Impact | Minimum ME FW required for fix | Target available date | ME Tool Download Link | Last updated |
    |---|---|---|---|---|---|
    | ASUSPRO B400AV | Affected | 8.1.71.3608 | 6/23/2017 | - | 5/10/2017 |
    | ASUSPRO B551LGV | Affected | 9.5.61.3012 | 6/23/2017 | - | 5/10/2017 |
    | ASUSPRO B451JAV | Affected | 9.5.61.3012 | 6/23/2017 | - | 5/10/2017 |
    | ASUSPRO BU401LAV | Affected | 9.5.61.3012 | 6/23/2017 | - | 5/10/2017 |
    | ASUSPRO BU201LAV | Affected | 9.5.61.3012 | 6/23/2017 | - | 5/10/2017 |
    | ASUSPRO BU403UAV | Affected | 11.0.18.3003 | 6/23/2017 | - | 5/10/2017 |
    | ASUSPRO BU203UAV | Affected | 11.0.18.3003 | 6/23/2017 | - | 5/10/2017 |
    | ASUSPRO B9440UAV | Affected | 11.6.12.3202 | 6/23/2017 | - | 5/10/2017 |