Intel announced the flaw on May 1st, explaining what it was and that they were working on a fix for it. They recommended that anyone using AMT take steps to protect those systems (we recommend shutting it off in the BIOS). What makes things more interesting is that our old friend Windows was there to help attackers gain access to this tool over a LAN without any special tricks. A handy service called Local Manageability Service advertises AMT and its related tools via the system's assigned IP address. These tools are operational even when the system is powered off and are not visible to common security tools. You would still be able to see them with technology like NetFlow or other network-based systems that track traffic passing over your network, but you have to know to look for it, or it might be overlooked as simple background traffic.
To make things a little worse, Microsoft is now claiming that a hacking group is actively exploiting this flaw. The claim is that a group dubbed PLATINUM is behind the attacks and could even be a nation-state group (if their claims are true).
As things stand right now, this affects most of the Intel CPUs out there and has been in place for around seven years. We have a feeling that other malicious groups are already aware of this flaw, so the revelation from Microsoft is probably not going to be the last. We also have a feeling that most companies will never be fully protected from this, as their workstation update policies are just not what they should be…
If you are interested, you can read Intel’s statement and see if there is a patch for your system.
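To make the NetFlow point above concrete, here is an added example (not part of the original article) that picks AMT traffic out of exported flow records so it does not get lost as background noise. The port list is taken from Intel's AMT documentation rather than from this article; the CSV layout, the management-console subnet and the sample records are constructed assumptions.

```python
import csv
import io
import ipaddress

# Ports Intel AMT listens on: 16992/16993 web UI (HTTP/TLS), 16994/16995
# redirection (SOL/IDE-R, plain/TLS), 623/664 ASF-RMCP (623 is shared with IPMI).
AMT_PORTS = {623, 664, 16992, 16993, 16994, 16995}

# Assumption: only these management consoles should ever talk to AMT.
MGMT_CONSOLES = [ipaddress.ip_network("10.0.50.0/28")]

# Constructed sample of exported flow records (not real traffic).
SAMPLE_FLOWS = """\
ts,src,dst,proto,dport,bytes
2017-06-08T02:11:04Z,10.0.50.5,10.0.20.17,tcp,16993,5120
2017-06-08T02:14:31Z,10.0.20.44,10.0.20.17,tcp,16992,1834
2017-06-08T02:14:40Z,10.0.20.44,10.0.20.18,tcp,16992,1790
2017-06-08T02:15:02Z,10.0.20.44,10.0.20.17,tcp,16994,98211
2017-06-08T02:16:10Z,10.0.20.9,10.0.30.2,tcp,443,40221
2017-06-08T02:17:45Z,10.0.20.9,10.0.20.17,udp,623,212
"""

def is_mgmt(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in MGMT_CONSOLES)

def find_amt_flows(flow_csv):
    """Return flows to AMT ports whose source is not an approved console."""
    hits = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        port = int(row["dport"])
        if port in AMT_PORTS and not is_mgmt(row["src"]):
            hits.append((row["ts"], row["src"], row["dst"], port))
    return hits

def summarize(hits):
    """Group hits by source: distinct targets and AMT ports touched."""
    out = {}
    for _, src, dst, port in hits:
        entry = out.setdefault(src, {"targets": set(), "ports": set()})
        entry["targets"].add(dst)
        entry["ports"].add(port)
    return out

if __name__ == "__main__":
    for src, info in summarize(find_amt_flows(SAMPLE_FLOWS)).items():
        print(src, sorted(info["targets"]), sorted(info["ports"]))
```

A workstation that reaches AMT ports on several peers, as 10.0.20.44 does in the sample, is the pattern worth an alert; the same port list can also drive switch or firewall ACLs that restrict AMT to the management subnet.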