Hello, welcome to the Tuesday, May 2nd, 2017 edition of the Sands and its Storm Center's Stormcast.

My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

On Monday, Charlie Dersian did release an interesting vulnerability that affects all recent Intel CPUs that do provide remote

manageability features. The earliest affected one is the Nehalam platform, which was released

in 2008, but even the most recent cabby lake processors may be affected the problem here is the

Intel active management technology also known as Intel small business technology

or Intel standard manageability technology all of these three technologies are vulnerable and attacks can lead

to an elevation of privileges. The impact very much depends on whether or not these features

are configured to be reachable across the network. So typically you find this feature in systems being deployed in

businesses. You're less likely going to see it in a home system, but then again, there is no clear

distinction, what's a business system, what's a home system. So I would still double check in a home

environment whether or not you have this feature enabled.

If it's only enabled for local access, then what you have is approach escalation vulnerability.

An attacker that has access to the system can escalate privileges to become an administrator.

Now, more dangerous if you have it exposed on the network, which is particularly

common for businesses that would like to have the kind of remote manageability that this feature

offers. Then your system is exposed on port 16,992 through 16,995.

Essentially, this feature will intercept all network traffic

on these ports.

The traffic will not be passed to the CPU.

Instead, it will be processed by these management features.

It's also available over Wi-Fi.

...