Intel has published a security advisory informing users about a firmware vulnerability in certain systems that utilize any of the following remote management tools:
Intel® Active Management Technology (Intel® AMT)
Intel® Standard Manageability (Intel® ISM)
Intel® Small Business Technology (Intel® SBT)
The vulnerability (CVE-2017-5689) could enable an unprivileged network attacker to remotely gain access to business PCs and workstations that use these technologies. This vulnerability is not observed on Intel-based consumer PCs with consumer firmware, Intel servers utilizing Intel® Server Platform Services (Intel® SPS), or Intel® Xeon® Processor E3 and Intel® Xeon® Processor E5 workstations utilizing Intel® SPS firmware.
Intel asks users of business PCs and workstations that incorporate Intel® AMT, Intel® ISM or Intel® SBT to apply a firmware update from the equipment manufacturer when available. Users must also refer to the INTEL-SA-00075 Mitigation Guide to know more about mitigations to prevent unauthorized activation and use of Intel manageability SKUs, Intel® Active Management Technology (Intel® AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology (SBT) that have not applied the firmware update addressing the vulnerability.
To verify whether the assets in your system are remotely managed by using Intel® AMT, Intel® ISM, or Intel® SBT, we provide you with a predefined standard called CVE-2017-5689 Detector for both Windows and UNIX platforms. The standard contains a Python script-based check. You must import this standard to your CCS Standards workspace and run it in agent-based mode against your Windows and UNIX assets.
Prerequisites for CVE-2017-5689 Detector standard
The following are the prerequisites for using the CVE-2017-5689 Detector standard:
CCS 11.5 APU
Integrated Command Engine settings must be enabled on the agent machine.
Note: You must install Python 2.7 on your agent-based target computers before you run the CVE-2017-5689 Detector standard on the target computers for data collection and evaluation.
The evaluation results from the check run provide you with a list of vulnerable assets in the system. This list will help you make informed decisions and secure your environment against the Intel vulnerability.
For information about how Patch Management Solution manages the targeting for INTEL-SA-00075, refer to INFO4401. For information about how to import a standard, refer to the Importing a standard section in the Symantec™ Control Compliance Suite User Guide. For information about script-based checks, refer to the About script-based checks section in the Symantec™ Control Compliance Suite User Guide.
Disclaimer: The information in this article is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. For detailed information about the Intel vulnerability (CVE-2017-5689), refer to the advisory published by Intel.