Skip to main content

Intel AMT Releases Security Update For Some Processors

By September 17, 2020May 5th, 2022Technology News

Recently, Intel released a very important update designed to address nine separate security flaws in their chipsets as part of their September 2020 Platform Update.

Of the flaws addressed by this fix, one of them is a critical issue revolving around the company’s Active Management Technology (AMT) and Intel Standard Manageability platforms.

That’s important because the AMT is used in a wide range of Intel Processors and correcting that flaw in particular helps keep a vast number of machines safe.

This vulnerability, tracked as CVE-2020-8758 has a severity score of 9.8 and is especially dangerous because it allows remote escalation of privileges when successfully executed. At the root, the vulnerability exists due to improper buffer restrictions in the network subsystem.

Jerry Bryant, Intel’s Director of Communications, had this to say about the issue:

For customers using Intel vPro systems that do not have AMT provisioned, an authenticated user with local access to the system may still be able to escalate privileges. If the platform is configured to use Client Initiated Remote Access (CIRA) and environment detection is set to indicate that the platform is always outside the corporate network, the system is in CIRA-only mode and not exposed to the network vector.”

The central question then, is are you vulnerable and do you need the update? The simple answer is that you’re vulnerable if you have any of the following AMT and ISM versions (or older):

  • 11.8.79
  • 11.12.79
  • 11.22.79
  • 12.0.68
  • 14.0.39

If there’s a silver lining to be found, it lies in the fact that there’s currently no evidence that this flaw is being actively exploited by hackers.

Naturally, given time, that will change, so the clock is ticking to get your systems updated.

A full list of the flaws addressed by the latest update is available on Intel’s website, but if it’s been a while since you’ve applied one, this one is well worth making a priority.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.