Intel AMT weaknesses and faulty Meltdown/Spectre patches

In the wake of Meltdown & Spectre, two devastating CPU vulnerabilities, another weakness was detected within Intel’s Active Management Technology. This could allow an attacker to remotely access your device and your data. At the same time, in an effort to correct the two aforementioned vulnerabilities Intel released some questionable patches. These in turn caused ‘unpredictable’ system behavior and near-random reboots. All in all, it is not turning out to be a good year for the CPU.

 

Intel AMT

It’s been a rough start for 2018 and it has barely begun. It rings especially true for Intel. Their Active Management Technology, AMT, is generally used in corporate laptops and allows for system administrators and technicians to remotely connect to a device. It acts as an easy solution for corporate device management. A weakness was found in the Intel Management Engine BIOS Extension (MEBx) used by the AMT; Administrators rarely change the default password.

An attacker with knowledge of the default password, which happens to be admin, and brief physical access to disable the user opt-in (consent of remote access) is all it would take. Once done, the attacker gains complete access. It is especially harrowing since most corporate laptops use a company VPN, possibly allowing an attacker inside the intranet. The official recommendation by Intel is to change the BIOS password. For other security recommendations, view their documentation.

 

Meltdown & Spectre Patches

More issues soon arose, as on January 11th the first reports of spontaneous reboots and system instability came in. The reports seemed to correlate with patches released by Intel earlier in the year, meant to prevent Meltdown and Spectre. As it turns out, the initial correlation was true; The patches were causing the issues. In some of the chips available the cause for the behavior has been identified, but in the mean time, Intel advises against installing them.

Intel are not the only one with the issue, however. AMD saw boot failure occurring after implementation of their own patches. They are now halted by Microsoft to prevent any more issues until a more stable patch is released.

If you applied either patches through either manual or automatic update and are experiencing these symptoms our advise is to hold out. Keep an eye out for official news, as it is currently unknown when a fix will be available. Intel recommendations can be found here and AMD’s respective recommendations here.