    Intel AMT - quick temporary fix until new BIOS release

      n3by last edited by

      My quick temporary fix for the Intel AMT vulnerability CVE-2017-5689, until you can apply a new BIOS update:

      Change the default admin account name to something random; do not create another admin account:

      More details about this problem here.

        BBcan177 Moderator last edited by

        I think it would be better to disable AMT completely until the patches are out.

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          n3by last edited by

          All my firewalls have IAMT exposed to WAN and it is really useful for remote sites. They are an older version, 5.2.xx, but I already changed the default admin account name a long time ago when I set them up. No idea why Intel did not also recommend this approach if you need to use AMT.

          My laptop is affected by this problem and there is a low chance of getting a BIOS update because it is old hardware, a Lenovo ThinkPad T410, but I also have the admin name changed, so I think it is relatively safe.

          I am thinking of experimenting with some settings in Intel Defense for WAN on the AMT ports; it would be nice to have the possibility to accept incoming connections on AMT ports only from an external IP specified by the admin.

            doktornotor Banned last edited by

            @BBcan177:

            I think it would be better to disable AMT completely until the patches are out.

            FTFY.  :P ;D

              doktornotor Banned last edited by

              https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability

              we used a NULL/empty response hash (response="" in the HTTP Authorization header). Authentication still worked.

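A defender-side check for the condition quoted from the Tenable write-up above, added here as an example (it is not part of the thread or of Tenable's post): it parses HTTP `Authorization: Digest` header values, as a proxy or IDS in front of the AMT web interface might capture them, and flags an empty `response` or, more generally, any value that is not the 32 hex digits of an MD5 digest response. The function names and sample headers are constructed for illustration.

```python
import re

# key="quoted value" or key=token pairs inside Digest credentials
_PAIR = re.compile(r'(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')
# Assumption: MD5 digest auth (RFC 2617), whose response is 32 hex digits
_MD5_HEX = re.compile(r"[0-9a-fA-F]{32}")


def parse_digest(header_value):
    """Return Digest parameters as a dict, or None for other auth schemes."""
    scheme, _, params = header_value.strip().partition(" ")
    if scheme.lower() != "digest":
        return None
    fields = {}
    for m in _PAIR.finditer(params):
        quoted, token = m.group(2), m.group(3)
        fields[m.group(1).lower()] = quoted if quoted is not None else token
    return fields


def check_authorization(header_value):
    """Return a finding for a malformed Digest response, else None."""
    fields = parse_digest(header_value)
    if fields is None:
        return None
    response = fields.get("response")
    if response is None:
        return "digest credentials without a response field"
    if response == "":
        return "empty digest response"
    if not _MD5_HEX.fullmatch(response):
        return "digest response is not 32 hex digits"
    return None


# Constructed sample Authorization header values (not taken from real traffic)
SAMPLES = [
    'Digest username="admin", realm="EXAMPLE", nonce="n0nce", uri="/index.htm", '
    'response="", qop=auth, nc=00000001, cnonce="c0ffee"',
    'Digest username="operator", realm="EXAMPLE", nonce="n0nce", uri="/index.htm", '
    'response="6629fae49393a05397450978507c4ef1", qop=auth, nc=00000001, cnonce="c0ffee"',
    'Digest username="operator", realm="EXAMPLE", nonce="n0nce", uri="/", response="66"',
    "Basic Zm9vOmJhcg==",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(check_authorization(value) or "ok", "<-", value[:40])
```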
                n3by last edited by

                UPDATE 07-05-2017.

                This method is confirmed to be effective for protecting your computer from remote AMT login!

                Renaming the default admin account name to something random will protect your computer with AMT active only from other hosts accessing your AMT computer over LAN or WAN.

                It will NOT protect you from login/attack via the local interface with LMS access!!!

                It is best to use AMT with TLS so the connection and traffic will be encrypted and the admin account name can't be sniffed!

                Remember you are still vulnerable to attack via the local interface with LMS access!!!

                If you are looking for 100% protection then follow the Intel advisory and unprovision and disable AMT!
                https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

                Edited - changed.
                My post at the Lenovo forum was recovered by their staff and now it is displayed.

                https://forums.lenovo.com/t5/forums/v3_1/forumtopicpage/board-id/Security_Malware/thread-id/2678/page/3

                  seanmcb last edited by

                  Is/was AMT enabled by default on any of the hardware sold at the pfsense/netgate store?

                    BBcan177 Moderator last edited by

                    @seanmcb:

                    Is/was AMT enabled by default on any of the hardware sold at the pfsense/netgate store?

                    https://www.reddit.com/r/PFSENSE/comments/68opmm/are_any_of_the_pfsense_appliances_vulnerable_to/
