Intel AMT - quick temporary fix until new BIOS release
-
My quick temporary fix regarding CVE-2017-5689 vulnerability Intel AMT until you can apply a new BIOS update:
Change the default admin name account to something random, do not create another admin account:
More details about this problem here.
-
I think it would be better to disable AMT completely until the patches are out.
-
All my firewalls have IAMT exposed to WAN and it is really useful for remote sites, they are older version 5.2.xx but I already changed the default admin account name long time ago whey I set them up. No idea why Intel did not recommend this approach also if you need to use AMT.
My laptop is affected by this problem and it is a low chance to get an BIOS update because is old hw Lenovo ThinkPad T410 but I also have the admin name changed so it think it is relative safe.
I am thinking to experiment with some settings on Intel Defense for WAN on AMT ports, it will be nice to have the possibility to accept incoming connection on AMT ports only from an external IP specified by admin.
-
I think it would be better to disable AMT completely
until the patches are out.FTFY. :P ;D
-
https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability
we used a NULL/empty response hash (response="" in the HTTP Authorization header). Authentication still worked.
-
UPDATE 07-05-2017.
This method is confirmed to be effective for protecting you computer from remote AMT login !
Renaming default admin name account to something random will protect your computer with AMT active only from other host accessing your AMT computer by LAN or WAN.
It will NOT protect you from login/attack via local interface with LMS access !!!
It is best to use AMT with TLS so connection and traffic will be encrypted and admin name account can't be sniffed !
Remember you are still vulnerable from attack via local interface LMS access !!!
If you are looking for 100% protection then follow Intel advisory and unprovison and disable AMT !
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fredited - changed.
my post at Lenovo forum was recovered by their staff and now it is displayed.
https://forums.lenovo.com/t5/forums/v3_1/forumtopicpage/board-id/Security_Malware/thread-id/2678/page/3
-
Is/was AMT enabled by default on any of the hardware sold at the pfsense/netgate store?
-
Is/was AMT enabled by default on any of the hardware sold at the pfsense/netgate store?
https://www.reddit.com/r/PFSENSE/comments/68opmm/are_any_of_the_pfsense_appliances_vulnerable_to/
