On May 1st 2017, Intel published a security advisory regarding a firmware vulnerability in certain systems that utilize Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM) or Intel® Small Business Technology (SBT). The vulnerability could enable a network attacker to remotely gain access to business PCs or devices that use these technologies.
There is an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products. This vulnerability does not exist on Intel-based consumer PCs with consumer firmware, Intel servers utilizing Intel® Server Platform Services (Intel® SPS), or Intel® Xeon® Processor E3 and Intel® Xeon® Processor E5 workstations utilizing Intel® SPS firmware.
There are two ways this vulnerability may be accessed. Please note that Intel® Small Business Technology is only vulnerable to the second method:
Our customers' security is paramount. To that end, Stone are working with key vendors to provide firmware updates which close this vulnerability as quickly as possible. Those updates will be available to download from this article as soon as they are made available to us.
Intel has released a discovery tool which will analyse your systems for the vulnerability.
1. Determine if you have an Intel® AMT, Intel® SBA, or Intel® ISM capable system. If you determine that you do not have an Intel® AMT, Intel® SBA, or Intel® ISM capable system, then no further action is required.
2. Utilize the INTEL-SA-00075 Detection Guide to assess if your system has the impacted firmware.
3. Stone highly recommends updating the Management Engine (ME) firmware of affected systems as soon as updates become available. Please review the affected products section of this article for ME firmware update availability.
4. If a firmware update is not yet available, mitigations are provided by the INTEL-SA-00075 Mitigation Guide. It is recommended that unpatched systems have the steps detailed in the mitigation guide applied to them until such time as an ME firmware update becomes available.
The issue has been observed in Intel manageability firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6 for Intel® Active Management Technology, Intel® Small Business Technology, and Intel® Standard Manageability. Versions before 6 or after 11.6 are not impacted.
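An added example (not code from Intel or Stone): a first-pass triage of an inventory export against the version range stated above. The CSV column names, hostnames and version strings are assumptions constructed for illustration. It compares major.minor only, so it cannot tell whether an in-range build has already been updated; those hosts still go through the Detection Guide.

```python
import csv
import io
import re

# Affected range as stated in this article: 6.x through 11.6 inclusive;
# versions before 6 or after 11.6 are not impacted.
AFFECTED_MIN = (6, 0)
AFFECTED_MAX = (11, 6)

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """hostname,me_firmware
desk-001,11.6.0.1000
desk-002,9.1.0.1000
desk-003,5.2.0.1000
lap-004,11.8.0.1000
lap-005,
srv-006,unknown
"""

# Accepts dotted numeric versions with at least major.minor.
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.\d+)*\s*$")


def parse_major_minor(text):
    """Return (major, minor), or None if the field is empty or malformed."""
    m = VERSION_RE.match(text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(version_text):
    """Map a firmware version string to a triage bucket."""
    mm = parse_major_minor(version_text)
    if mm is None:
        return "unknown"       # no usable version: run the detection tool
    if AFFECTED_MIN <= mm <= AFFECTED_MAX:
        return "in_range"      # confirm with the Detection Guide, then update or mitigate
    return "not_in_range"


def triage(csv_text):
    """Group hostnames from a hostname,me_firmware CSV by bucket."""
    buckets = {"in_range": [], "not_in_range": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        buckets[classify(row.get("me_firmware"))].append(row["hostname"])
    return buckets


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the `unknown` bucket have no parseable version and should be treated as unassessed, not as unaffected.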
Where possible, updated BIOSes or patches for Management Engine Firmware are shown below. This article will be updated as more BIOSes or patches become available.
StonePC Lite/Tower / All In One
Legacy Desktop Products
Further information regarding Intel’s release schedule for their own branded desktop products can be found here.
Article ID: 675
Last updated: 17 Aug, 2017
Posted: 10 May, 2017 by Paul Watkins
Updated: 17 Aug, 2017 by Andrew Sharrad