Number: AV17-060
Date: 3 May 2017
Purpose
The purpose of this advisory is to bring attention to a vulnerability in Intel® Active Management Technology, Intel® Small Business Technology, and Intel® Standard.
Assessment
CCIRC is aware of an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6. This vulnerability can allow an unprivileged attacker to gain control of the manageability features provided by these products. This vulnerability does not exist on Intel-based consumer PCs.
Suggested action
CCIRC recommends that system administrators test and deploy the vendor-released updates to affected applications accordingly.
References
INTEL-SA-00075: Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr