What is Intel AMT?

Intel AMT is an out-of-band management technology intended to provide remote-hands style access to computers, particularly servers. It provides the ability to power a machine on and off if the operating system crashes, to virtually insert media via images of discs, and to remotely control the computer's keyboard and mouse as if the user were in front of it.

What is the vulnerability?

A programming error in the AMT code allows a malicious user to craft an altered request which bypasses the authentication mechanism, allowing any user that can communicate with the target on TCP ports 16992 or 16993 to use the AMT system as though they had administrative credentials.

What is the impact?

Hugely variable. In the best case, on a well-patched machine with other modern security mechanisms (e.g. SecureBoot and BIOS/UEFI passwords), an attacker may be limited to causing outages by altering the power state of a machine. In the worst case, an attacker would have full control of the machine and access to all the data residing upon it. Accordingly, the vulnerability has a CVSS score of 9.8 / 10.

Am I affected?

Versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5 or 11.6 of the Intel Management Engine firmware are affected. As this firmware is most often bundled with vendor firmware updates, you will likely need to cross-reference your current system firmware (UEFI or BIOS) with the vendor's release notes. It is worth noting that every version since April 2010 is vulnerable. The Intel AMT feature must be activated for it to be exploitable. Unless specifically requested when ordering, AMT is usually shipped deactivated.

What conditions are required for this vulnerability to be exploited?

Intel AMT must be enabled. Also, an attacker requires access to the ports mentioned above. If your organisation's network team does not restrict access to dedicated management networks, there is a significant risk from insiders with malicious intent. Properly segregated networks restrict would-be attackers to personnel that likely already have legitimate access. Where Intel AMT is deployed on end-user laptops and desktops, it is less likely that network-based mitigation will be effective.

What should I do?

Identify vulnerable machines. Disable AMT. Apply updated firmware once your vendor releases it.
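
To support the "identify vulnerable machines" step, the following added example (not part of the original page, and not Intel or vendor tooling) triages an asset inventory using the three conditions described above: affected firmware line, AMT activation, and whether TCP 16992/16993 are restricted to a management network. The CSV column names and sample rows are constructed for illustration. It matches on major.minor only, because this page lists no fixed build numbers, so a machine that has already received a vendor fix stays flagged until checked against the vendor's release notes.

```python
import csv
import io

# Affected Management Engine firmware lines, exactly as listed on this page.
AFFECTED_MAJORS = {6, 7, 8, 9, 10}
AFFECTED_11_MINORS = {0, 5, 6}

def is_affected(version):
    """True/False for a parseable version, None when it cannot be decided."""
    parts = version.strip().split(".")
    if not parts[0].isdecimal():
        return None  # empty or non-numeric inventory field
    major = int(parts[0])
    if major in AFFECTED_MAJORS:
        return True
    if major != 11:
        return False
    if len(parts) < 2 or not parts[1].isdecimal():
        return None  # "11" or "11.x": the minor version decides
    return int(parts[1]) in AFFECTED_11_MINORS

def triage(me_version, amt_enabled, ports_restricted):
    """Combine the page's conditions: affected firmware, AMT active, port reach."""
    affected = is_affected(me_version)
    if affected is None:
        return "UNKNOWN"   # cross-reference the vendor's release notes
    if not affected:
        return "OK"        # version not in the affected list
    if not amt_enabled:
        return "PATCH"     # AMT off: apply updated firmware once released
    # AMT on and affected: disable AMT; exposure decides the urgency
    return "HIGH" if ports_restricted else "CRITICAL"

# Constructed sample inventory; column names are hypothetical.
SAMPLE = """host,me_version,amt_enabled,ports_restricted
srv-01,11.6,yes,yes
lap-17,9.5,yes,no
dsk-04,8.1,no,no
srv-09,5.2,yes,yes
kiosk-2,,yes,no
"""

def triage_inventory(text):
    """Return {host: verdict} for every row of an inventory CSV."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["host"]: triage(r["me_version"], r["amt_enabled"] == "yes",
                              r["ports_restricted"] == "yes") for r in rows}

if __name__ == "__main__":
    for host, verdict in triage_inventory(SAMPLE).items():
        print(f"{host:8} {verdict}")
```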