Intel patches remote execution exploit of PCs with Intel Server Chipsets


Do you own a PC running an Intel server chipset? Intel recently patched a remote execution flaw that had been hidden for the past 9 years.

The RCE flaw (CVE-2017-5689) resides in Intel’s Management Engine (ME) technologies such as Active Management Technology (AMT), Small Business Technology (SBT), and Intel Standard Manageability (ISM), according to an advisory published Monday by Intel.

These features allow a systems administrator to remotely manage large fleets of computers over a network (via ports 16992 or 16993) in an organization or an enterprise. For the past nine years, millions of Intel workstation and server chips have harbored a security flaw that can be potentially exploited to remotely control and infect systems with spyware.

Specifically, the bug is in Intel’s Active Management Technology (AMT), Standard Manageability (ISM) and Small Business Technology (SBT) firmware versions 6 to 11.6. According to Chipzilla, the security hole allows “an unprivileged attacker to gain control of the manageability features provided by these products.”

A critical remote code execution (RCE) vulnerability has been discovered in the remote management features on computers shipped with Intel processors for nearly a decade, which could allow attackers to take control of the computers remotely.

How Bad is this Vulnerability

In short, a potential attacker can log into a vulnerable machine’s hardware and, using AMT’s features, silently perform malicious activities such as tampering with the machine or installing virtually undetectable malware.

The PC’s operating system never knows what’s going on because AMT has direct access to the computer’s network hardware. When AMT is enabled, any packet sent to the PC’s wired network port will be redirected to the Management Engine and passed on to AMT – the OS never sees those packets.
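Because the OS never sees AMT traffic, monitoring for it has to happen on the network rather than on the host. The following is an added example (not from the article or from Intel) that scans flow records for TCP connections to ports 16992/16993 from sources outside a management subnet; the log format, the addresses and the `ADMIN_NETS` value are constructed assumptions.

```python
import ipaddress

# Ports the article names for AMT/ISM/SBT remote management.
AMT_PORTS = {16992, 16993}

# Assumption: the subnet your management consoles live in (constructed value).
ADMIN_NETS = [ipaddress.ip_network("10.0.50.0/24")]

# Constructed sample records: "timestamp src_ip src_port dst_ip dst_port proto action"
SAMPLE_FLOWS = """\
2017-05-02T09:14:01Z 10.0.50.12 51544 10.0.20.31 16992 tcp allow
2017-05-02T09:14:07Z 10.0.20.77 49822 10.0.20.31 16992 tcp allow
2017-05-02T09:15:40Z 10.0.20.77 49830 10.0.20.45 16993 tcp allow
2017-05-02T09:16:02Z 10.0.20.14 50110 10.0.20.45 443 tcp allow
2017-05-02T09:17:19Z 203.0.113.9 40112 10.0.20.31 16993 tcp deny
malformed line here
"""

def parse_flow(line):
    """Return a dict for a well-formed record, or None for anything else."""
    parts = line.split()
    if len(parts) != 7:
        return None
    ts, src, _sport, dst, dport, proto, action = parts
    try:
        return {"ts": ts, "src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst), "dport": int(dport),
                "proto": proto.lower(), "action": action.lower()}
    except ValueError:
        return None

def find_amt_access(text, admin_nets=ADMIN_NETS):
    """Flag TCP flows to AMT ports whose source is not a management console."""
    findings = []
    for line in text.splitlines():
        rec = parse_flow(line)
        if rec is None or rec["proto"] != "tcp" or rec["dport"] not in AMT_PORTS:
            continue
        if any(rec["src"] in net for net in admin_nets):
            continue  # expected administrative traffic
        findings.append((rec["ts"], str(rec["src"]), str(rec["dst"]),
                         rec["dport"], rec["action"]))
    return findings

def exposed_hosts(findings):
    """Destinations that actually accepted an unexpected AMT connection."""
    return sorted({dst for _, _, dst, _, action in findings if action == "allow"})
```

Hosts returned by `exposed_hosts` are the ones to check first for provisioned AMT and pending firmware updates.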

These insecure management features have been made available in various, but not all, Intel chipsets for nearly a decade, starting from Nehalem Core i7 in 2008 to this year’s Kaby Lake Core, with users on Intel vPro systems affected to a higher degree.

Fortunately, none of these Management Engine features come enabled by default, and system administrators must first enable the services on their local network. So, basically if you are using a computer with ME features enabled, you are at risk.

Affected Firmware versions

Apparently, Intel’s Small Business Technology is not vulnerable to privilege escalation via the network. Whether you’re using AMT, ISM or SBT, the fixed firmware versions to look out for are, depending on the processor family affected:

  • First-gen Core family:
  • Second-gen Core family:
  • Third-gen Core family:
  • Fourth-gen Core family: and
  • Fifth-gen Core family:
  • Sixth-gen Core family:
  • Seventh-gen Core family:

“Anyone who ever enables AMT on one of these devices will be vulnerable. That’s ignoring the fact that firmware updates are rarely flagged as security critical (they don’t generally come via Windows update), so even when updates are made available, users probably won’t know about them or install them.”


  1. It’s difficult to find knowledgeable persons on this subject, but you sound like you are aware of what you are talking about! Thanks
