
UPDATE: Critical Intel AMT vulnerability

Monday, May 8, 2017

UPDATE 5/18/2017

The University Information Security Office (UISO) has asked University Information Technology Services (UITS) Networks to block AMT ports at the network border. See the Local observations section, below, for a list of those ports and how to request that a host be whitelisted.

UPDATE 5/11/2017

The University Information Security Office (UISO) emphasizes this excerpt from one of our sources:

"The Intel Management Engine (ME) is a separate processor in the chipset on the motherboard. It runs a TCP/IP stack and web server distinct from the operating system on the computer. The Management Engine can be active even when the server is powered off and while an operating system is running on the server. It can piggyback on the same network interfaces used by the host operating systems, or it can be used from a dedicated interface on the motherboard."

Powering off an affected system does not protect you from the vulnerability, because Intel AMT can use wired and wireless network connections to wake the system.

UISO recommends using the Intel Unprovisioning tool, which performs the steps needed to unprovision AMT; this is the first step in mitigating the vulnerability described in the Intel-SA-00075 security advisory. After running the tool, you will need to follow the additional steps in the Intel-SA-00075 Mitigation Guide to complete the mitigation.

Until firmware updates are released and installed, taking the additional step of placing mission-critical hosts behind a network-based firewall that blocks all connections to TCP ports 16992, 16993, 16994, and 16995 is recommended. If the mitigation guide cannot be followed or the systems cannot be placed behind a network firewall blocking those ports, the system should be powered off with all power sources removed (power cord, battery, UPS, etc.) and all wired network connections removed.

Please note that Intel AMT may be present in business-class tablets, laptops and desktops. Operating-system-based firewalls will not provide protection against this vulnerability.

Background

On May 1, 2017, a critical vulnerability in Intel Active Management Technology (AMT) was published. The vulnerability affects a large number of firmware versions for Intel AMT, Intel Standard Manageability and Intel Small Business Technology.

Impact

Systems with affected versions of the Intel manageability firmware could allow an attacker to have the same control as administrators with local access. An attacker could use the vulnerability to change the code that boots up computers, load and execute programs, remotely power on computers that were off, and access the mouse, keyboard and monitor. Further, unauthorized access is not usually logged by the affected system because AMT has direct access to the system's network hardware. When AMT is enabled, all network packets go through the Intel Management Engine and then to the AMT. This means that network packets can bypass the operating system. Additionally, local firewall rules will not help because they are located within the operating system. Please see UISO Recommendations below for further steps that must be taken. 

Platforms affected

  • Intel Active Management Technology, Intel Small Business Technology and Intel Standard Manageability
    • Systems with Intel manageability firmware versions 6.x
    • Systems with Intel manageability firmware versions 7.x
    • Systems with Intel manageability firmware versions 8.x
    • Systems with Intel manageability firmware versions 9.x
    • Systems with Intel manageability firmware versions 10.x
    • Systems with Intel manageability firmware versions 11.0
    • Systems with Intel manageability firmware versions 11.5
    • Systems with Intel manageability firmware versions 11.6

NOTE: Systems with versions before 6 or after 11.6 are not impacted.

Local observations

Using network scanning tools, the University Information Security Office (UISO) has scanned IU networks for this vulnerability and has identified several potentially vulnerable systems. We have asked University Information Technology Services (UITS) Networks to block the following AMT ports at the network border:

  • TCP 623
  • TCP 664
  • TCP SYN 16992
  • TCP SYN 16993
  • TCP SYN 16994
  • TCP SYN 16995

To request that a host be whitelisted from the filter, contact the University Information Security Office (it-incident@iu.edu) with the host IP address, host owner, and details regarding the exception request.
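Because an affected host does not usually log AMT access itself, confirming that the border block holds has to be done from network telemetry. The following is an added example, not UISO's or UITS's tooling: it checks flow records against the port list above and honors whitelist exceptions. The record format, the address ranges, the whitelisted host and the reading of "TCP SYN" as "only connection-opening SYN packets are filtered" are assumptions made for illustration.

```python
import ipaddress

# Ports from the advisory's border-block list. "TCP SYN" is read here as
# "only connection-opening SYN packets are dropped" (an assumption).
ANY_TCP = {623, 664}
SYN_ONLY = {16992, 16993, 16994, 16995}

# Assumed for illustration: documentation ranges stand in for the campus
# network and for a host that was granted a whitelist exception.
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")
WHITELIST = {ipaddress.ip_address("192.0.2.50")}

# Constructed flow records in a hypothetical "src dst proto dport flags" format,
# as seen by a sensor on the campus side of the border.
SAMPLE_FLOWS = """\
198.51.100.7 192.0.2.10 tcp 16992 S
198.51.100.7 192.0.2.10 tcp 443 S
198.51.100.9 192.0.2.50 tcp 16993 S
192.0.2.20 192.0.2.10 tcp 16992 S
203.0.113.4 192.0.2.31 tcp 623 A
203.0.113.80 192.0.2.40 tcp 16994 A
malformed line
"""

def parse_flow(line):
    """Return (src, dst, proto, dport, flags), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1]),
                parts[2].lower(), int(parts[3]), parts[4].upper())
    except ValueError:
        return None

def should_have_been_dropped(flow):
    """True if the border filter described above should have blocked this flow."""
    src, dst, proto, dport, flags = flow
    inbound = src not in INTERNAL_NET and dst in INTERNAL_NET
    if proto != "tcp" or not inbound or dst in WHITELIST:
        return False
    return dport in ANY_TCP or (dport in SYN_ONLY and flags == "S")

def border_leaks(text):
    """Return (dst, dport) for every record that got past the filter."""
    flows = filter(None, map(parse_flow, text.splitlines()))
    return [(str(f[1]), f[3]) for f in flows if should_have_been_dropped(f)]

if __name__ == "__main__":
    for dst, port in border_leaks(SAMPLE_FLOWS):
        print(f"leak: inbound TCP to {dst}:{port}")
```

The record to 192.0.2.40 on port 16994 carries only ACK, so it is treated as return traffic for a connection the campus host opened from that port number and is not reported.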

UISO recommendations

  • UISO recommends that ALL system owners use this site to determine whether their systems are affected and to take steps to protect them.
  • UISO additionally recommends performing the unprovisioning and mitigation process outlined in the Intel SA-00075 Mitigation Guide.

Further reading

  • Intel AMT Vulnerability CVE-2017-5689 in Firmware
  • Intel Product Security Center INTEL-SA-00075
  • Intel SA-00075 Detection Guide
  • Intel SA-00075 Mitigation Guide
  • Intel SA-00075 Unprovisioning Tool
  • Important Security Information about Intel Manageability Firmware | Intel Newsroom
  • US-CERT Intel Firmware Vulnerability
  • The hijacking flaw that lurked in Intel chips is worse than anyone thought
Copyright © 2019 The Trustees of Indiana University
