Intel have recently published a security advisory regarding a firmware vulnerability in certain systems that use Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM) or Intel® Small Business Technology (SBT). This could enable a network attacker to gain access remotely to PC’s or devices that use these systems.

Running at firmware level, the code for these remote management tools operates on Intel’s Management Engine which has total control of the hardware on your PC and talks directly to the network port. This can therefore can allow a device to be controlled remotely no matter which OS and applications are running above it.

Usually password protected, it has been revealed that authentication can be bypassed leaving systems open to attack remotely. This critical security bug has been designated CVE-2017-5689 and applies to firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6.

For further information and full details, please see security advisory at:

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr