Intel AMT Vulnerability Allows Backdoor Access

A security researcher with F-Secure discovered a vulnerability that exists within Intel’s Active Management Technology (AMT) that could grant a threat actor remote access to corporate devices. In order to exploit this flaw, an attacker must select Intel’s Management Engine BIOS Extension (MEBx) during the boot process and enter the default password of admin. If companies have not changed the default MEBx password, an attacker could circumvent standard security measures including the BIOS password, TPM Pin, and BitLocker and login credentials to compromise a machine. Although physical access is required to initiate this attack, a configuration can be achieved in less than sixty seconds. This vulnerability affects devices running Intel manageability firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and version 11.6 for devices running Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability. The NJCCIC strongly recommends users and administrators of Intel AMT products change the default MEBx password as soon as possible and review Intel’s advisory to determine if systems are vulnerable to this attack. Additionally, users are reminded to never leave personal or business devices unattended in insecure locations.  

AdvisoryNJCCICIntel, Password