Intel Patches Privilege Escalation Vulnerability In Firmware - CVE-2017-5689

Introduction

Lot of buzz and updates in cyber security space and tech media regarding privilege escalation vulnerability in Intel products. It is noted that remote attacker can exploit this vulnerability and gain access. Intel AMT, Intel ISM, and Intel SBA are affected with this vulnerability and the attacker who exploited successfully might get the control of manageability features provided by these products. Intel based consumer PCs with consumer firmware, Servers with Intel SPS or Xeon Processor E3 and E5 workstations are not affected with this vulnerability.

Intel Support

Summary And Detail of the Vulnerability

There are two ways this vulnerability may be accessed and Intel small business technology is not vulnerable to the first one.

1. · An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). 
2. An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel AMT, Intel ISM, and Intel SBT. 

CVSS 3.0: Base score as 9.8 for the first issue and Base score as 8.4 for the second issue. The severity is rated as critical and high respectively. The issue has been observed in Intel manageability firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 for Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability. Versions before 6 or after 11.6 are not impacted.

Intel issued a tool to check whether the system is affected with this vulnerability or not. And gave the proper guide to follow.

Intel Recommendations:

Intel has released a downloadable discovery tool located at https://downloadcenter.intel.com/download/26755, which will analyse your system for the vulnerability. IT professionals who are familiar with the configuration of their systems and networks can use this tool or can find more details below. Step 1: Determine if you have an Intel® AMT, Intel® SBA, or Intel® ISM capable system.  If you determine that you do not have an Intel® AMT, Intel® SBA, or Intel® ISM capable system then no further action is required. Step 2: Utilize the INTEL-SA-00075 Detection Guide to assess if your system has the impacted firmware. If you do have a version in the “Resolved Firmware” column no further action is required to secure your system from this vulnerability. Step 3: Intel highly recommends checking with your system OEM for updated firmware.  Firmware versions that resolve the issue have a four digit build number that starts with a “3” (X.X.XX.3XXX) Ex: 8.1.71.3608. Step 4: If a firmware update is not available from your OEM, mitigations are provided the INTEL-SA-00075 Mitigation Guide. For assistance in implementing the mitigations steps provided in this document, please contact Intel Customer Support; from the Technologies section, select Intel® Active Management Technology (Intel® AMT). Intel manageability firmware Associated  CPU Generation Resolved Firmware X.X.XX.3XXX     6.0.xx.xxxx 1st Gen Core 6.2.61.3535   6.1.xx.xxxx 6.2.61.3535   6.2.xx.xxxx 6.2.61.3535   7.0.xx.xxxx 2nd Gen Core 7.1.91.3272   7.1.xx.xxxx 7.1.91.3272   8.0.xx.xxxx 3rd Gen Core 8.1.71.3608   8.1.xx.xxxx 8.1.71.3608   9.0.xx.xxxx 4th Gen Core 9.1.41.3024   9.1.xx.xxxx 9.1.41.3024   9.5.xx.xxxx 9.5.61.3012   10.0.xx.xxxx 5th Gen Core 10.0.55.3000   11.0.xx.xxxx 6th Gen Core 11.0.25.3001 11.0.22.3001 11.0.18.3003   11.5.xx.xxxx 7th Gen Core 11.6.27.3264   11.6.xx.xxxx 11.6.27.3264 11.6.12.3202

- Recommendation and table are copied from Intel page. Follow the Intel support guide for this and contact Intel support team for assistance. 

Post made by

newWorld

(Note: Refer Old post on how Intel processor is made: http://www.edison-newworld.com/2011/03/intel-shows-how-processor-is-made.html