
Intel AMT flaw: How are corporate endpoints put at risk?

A recent flaw in Intel's Advanced Management Technology enables hackers to gain access to endpoint devices. Discover how this flaw can be mitigated with expert Judith Myerson.

A flaw in Intel's Advanced Management Technology enables hackers to exploit a simple vulnerability and gain control of corporate laptops. How is this possible, and what is the best way to mitigate the Intel AMT flaw?

Exploiting the flaw in Intel's Advanced Management Technology (AMT) takes a few seconds. An attacker boots up his laptop by pressing CTRL-P, and then logs on to the Intel Management Engine BIOS Extension using admin as the default password. After changing the password, the attacker sets the user opt-in to None and connects to the victim's laptop, bypassing a strong BIOS password and username.

The flaw enables the attacker to remotely access, read and modify data and applications that are assigned to a corporate user, and potentially even transfer them to the attacker's server. Potential victims may be untargeted and merely be located in a waiting room or a public place. If the attacker finds that the victim's laptop doesn't have AMT, they can then search until a victim whose laptop requires AMT is found.

The best way to mitigate the Intel AMT flaw is to use Microsoft System Center Configuration for laptops connected to a Windows domain. System administrators can use it to:

  • Remotely query all corporate laptops about suspicious passwords.
  • Provision each laptop to require a strong password of 8 or more characters -- a combination of numbers, letters and special characters is strongly recommended -- and establish a policy on how often the password should be changed.
  • Disable AMT for all laptops that don't require it. This means the corporate IT staff will not be able to have remote control over these laptops and will need to find other ways to remotely secure them.

Any laptops found to be affected should be addressed by enterprise security teams, and corporate incident response procedures should be used.
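
As an added example (not part of the original answer and not Intel or Microsoft code), the PowerShell function below collects host-side AMT indicators on one Windows laptop, so it can be run across the fleet to shortlist machines for the "disable AMT" and password review steps above. The service name `LMS`, the "Management Engine" device-name match, TCP ports 16992-16995 and the `-AmtRequired` inventory flag are assumptions of this example; the firmware's actual provisioning state still has to be confirmed in MEBx or with vendor tooling.

```powershell
# Added example: report host-side indicators that Intel AMT is in use on this endpoint.
# Assumptions (not from the article): service name 'LMS', the device-name match,
# and TCP ports 16992-16995 as the AMT management and redirection ports.
function Get-AmtExposure {
    [CmdletBinding()]
    param(
        # Hypothetical flag from the asset inventory: does IT need AMT on this laptop?
        [bool]$AmtRequired = $false
    )

    # Intel Local Management Service relays AMT traffic between the OS and the firmware.
    $lms = Get-Service -Name 'LMS' -ErrorAction SilentlyContinue

    # Management Engine Interface device. Informational only: the ME exists on
    # many platforms that do not ship AMT, so it is not counted as an indicator.
    $mei = Get-CimInstance -ClassName Win32_PnPEntity -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like '*Management Engine*' } |
        Select-Object -First 1

    # Local listeners on the AMT ports (opened on the host when LMS is running).
    $amtPorts  = 16992..16995
    $listeners = @(Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $amtPorts -contains $_.LocalPort } |
        Select-Object -ExpandProperty LocalPort -Unique)

    $indicators = [bool]$lms -or ($listeners.Count -gt 0)

    $action = if (-not $indicators) {
        'No host-side AMT indicators; confirm firmware state in MEBx'
    } elseif ($AmtRequired) {
        'Confirm the MEBx password is not the default and meets policy'
    } else {
        'Candidate for disabling AMT'
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        LmsService   = if ($lms) { $lms.Status.ToString() } else { 'NotInstalled' }
        MeiDevice    = if ($mei) { $mei.Name } else { $null }
        AmtListeners = $listeners -join ','
        AmtRequired  = $AmtRequired
        Recommended  = $action
    }
}

Get-AmtExposure
```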


This was last published in March 2018
