Select Page

Intel AMT weaknesses and faulty Meltdown / Specter patches

In the wake of Meltdown & Specter, two devastating CPU vulnerabilities, another weakness was detected within Intel's Active Management Technology. This could allow an attacker to remotely access your device and your data. At the same time, in an effort to correct the two aforementioned vulnerabilities Intel released some questionable patches. These in turn caused 'unpredictable' system behavior and near-random reboots. All in all, it is not turning out to be a good year for the CPU.

 

Intel AMT

It's been a rough start for 2018 and it has barely begun. It rings especially true for Intel. Their Active Management Technology, AMT, is generally used in corporate laptops and allows for system administrators and technicians to remotely connect to a device. It acts as an easy solution for corporate device management. A weakness was found in the Intel Management Engine BIOS Extension (MEBx) used by the AMT; Administrators rarely change the default password.

An attack with knowledge of the default password, which happens to be admin, and briefly physical access to disable the user opt-in (consent or remote access) is all it would take. Once done, the attacker gains complete access. It is especially harrowing since most corporate laptops use a company VPN, possibly allowing an attack inside the intranet. The official recommendation by Intel is to change the BIOS password. For other security recommendations, view them documentation .

 

Meltdown & Specter Patches

More issues soon arose, as on January 10th, the first reports of spontaneous reboots and system instability came in. The reports seemed to correlate with patches released by Intel earlier in the year, meant to prevent Meltdown and Specter. If it turns out, the initial correlation was true; The patches were causing the issues. In some of the chips available the cause of the behavior has been identified, but in the mean time, Intel advises against installing them.

Intel is not the only one with the issue, however. AMD saw boot failure occurring after implementation of their own patches. They are now halted by Microsoft To prevent any more issues, until a more stable patch is released.

If you applied either patches through either manual or automatic update and are experiencing these symptoms our advice is to hold out. Keep an eye out for official news when it is currently unknown when a fix will be available. Intel recommendations can be found here and AMD's respective recommendations here.