Differences between revisions 10 and 11
Revision 10 as of 2018-01-17 11:45:43
Size: 4607
Comment:
Revision 11 as of 2018-01-17 12:01:44
Size: 5412
Comment: Additional links
Deletions are marked like this. Additions are marked like this.
Line 32: Line 32:
* INTEL-SA-00086_ (see Intel-SA-00086-software_ for firmware updates and tools) * CVE-2017-5712_ (see INTEL-SA-00086_)
Line 34: Line 34:
* CVE-2017-5705_ (and 5706-5711) * CVE-2017-5705_ and similar CVE-2017-5706_ CVE-2017-5707_ CVE-2017-5708_ CVE-2017-5709_ CVE-2017-5710_ CVE-2017-5711_
Line 36: Line 36:
Software tools:

* Intel-SA-00086-software_ for vendor firmware updates and tools
* `Intel-SA-00086 Detection Tool <https://downloadcenter.intel.com/download/27150?v=t>`_ for Linux and Windows

.. _CVE-2017-5712: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5712
Line 39: Line 45:
.. _INTEL-SA-00075: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
Line 40: Line 47:
.. _INTEL-SA-00075: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr .. _CVE-2017-5706: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5706
.. _CVE-2017-5707: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5707
.. _CVE-2017-5708: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5708
.. _CVE-2017-5709: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5709
.. _CVE-2017-5710: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5710
.. _CVE-2017-5711: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5711

Intel Active Management Technology (AMT)

About AMT

Intel® Active Management Technology (Intel® AMT) is a feature of Intel® Core™ processors with Intel® vPro™ technology1,2 and workstation platforms based on select Intel® Xeon® processors. Intel® AMT uses integrated platform capabilities and popular third-party management and security applications, to allow IT or managed service providers to better discover, repair, and help protect their networked computing assets. Intel® AMT also saves time with remote maintenance and wireless manageability for your mobile workforce, and secure drive wiping to simplify PC lifecycle transitions.

See also Wikipedia articles on:

AMT firmware updates

A number of security holes in AMT firmware have been reported. If you have activated AMT, it is mandatory to install the latest AMT firmware updates from your PC vendor.

A partial list of AMT security holes includes:

Software tools:

Management Engine BIOS Extension (MEBX)

Intel ME configuration is included in the BIOS by the Intel ® Management Engine BIOS Extension (Intel MEBX). The Intel MEBX provides the ability to change and/or collect the system hardware configuration, passes it to the management firmware and provides the Intel ME configuration user interface.

Accessing MEBX

If the PC has AMT hardware, you can enter the MEBX setup just after the POST start-up by pressing:

Control-P

This option is usually not displayed on the PC boot screen.

MEBX password

When creating an MEBX admin password, it is important to note that the BIOS will interpret keystrokes assuming a US keyboard layout.

The documented default password for user admin is also admin. If AMT is enabled, this password must be changed.

Since non-alphanumeric characters are required in MEBX passwords, it is important to take note the actual characters typed into the BIOS, since they may be different when you login to the AMT from a web-browser or other tool! In BIOS setup, a US keyboard layout is assumed.

IT-wiki: Intel_AMT (last edited 2018-01-26 14:00:06 by OleHolmNielsen)