- Posted by:
On May 8, 2017, 2:57 p.m.
Intel has disclosed a vulnerability within the firmware of its Active Management Technology (AMT) feature. Intel has advised that the vulnerability could allow an unprivileged network attacker to gain system privileges.
This vulnerability exists in first generation and later Intel Core processor family and Q-Series chip sets. NCR has used this technology in ATMs that were manufactured later than 2011. The PC cores in NCR ATMs shipped prior to 2011 do not have this vulnerability.
There are several NCR ATM cores that include versions of AMT that have been identified at risk (AMT 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x). By default, NCR BIOS are set to DISABLE AMT. In addition, the version of Windows OEM that NCR configures and installs in ATMs does NOT include the all necessary software needed to enable AMT.
This issue only affects customers who are using AMT or have AMT software on their system.
Intel ID: INTEL-SA-00075
Product family: Intel® Active Management Technology, Intel® Small Business Technology, and Intel® Standard Manageability
Impact of vulnerability: Elevation of Privilege
Severity rating: Critical
Original release: May 01, 2017
Last revised: May 05, 2017
There is an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products. This vulnerability does not exist on Intel-based consumer PCs with consumer firmware, Intel servers utilizing Intel® Server Platform Services (Intel® SPS), or Intel® Xeon® Processor E3 and Intel® Xeon® Processor E5 workstations utilizing Intel® SPS firmware.
For general guidance on this issue please see https://newsroom.intel.com/news/important-security-information-intel-
There are two ways this vulnerability may be accessed please note that Intel® Small Business Technology is not vulnerable to the first issue.
- An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel® Active Management Technology (AMT) and Intel® Standard Manageability (ISM).
CVSSv3 9.8 Critical /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology (SBT).
CVSSv3 8.4 High /AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Full description of the Intel security vulnerability is available here:
However, if you have enabled AMT, or installed a different version of the operating system that has AMT software, NCR recommends that you take the following steps which have been advised by Intel.
Intel has released a downloadable discovery tool located at downloadcenter.intel.com, which will analyze your system for the vulnerability. IT professionals who are familiar with the configuration of their systems and networks can use this tool or can find more details below.
- Step 1: Determine if you have an Intel® AMT, Intel® SBA, or Intel® ISM capable system. If you determine that you do not have an Intel® AMT, Intel® SBA, or Intel® ISM capable system then no further action is required.
- Step 2: Utilize the INTEL-SA-00075 Detection Guide to assess if your system has the impacted firmware. If you do have a version in the “Resolved Firmware” column no further action is required to secure your system from this vulnerability.
- Step 3: Intel highly recommends checking with your system OEM for updated firmware. Firmware versions that resolve the issue have a four digit build number that starts with a “3” (X.X.XX.3XXX) Ex: 188.8.131.5208.
- Step 4: If a firmware update is not available from your OEM, mitigations are provided the INTEL-SA-00075 Mitigation Guide.
For in depth advise on securing your ATM estate we suggest ATM Security Training and our Advisory services. For more information get in touch! LIQUIDNEXXUS
Share on LinkedIn
Share on Facebook