A serious security breach of the Intel driver software was discovered and removed after nine years.
All versions of the AMT (Active Management Technology), ISM (Standard Manageability) and SBT (Small Business Technology) versions from 6.0 to 11.6 are affected by a security vulnerability that allows an attacker to transfer a system remotely. The Intel products are used on every Windows system with vPro addition and a processor of the processor manufacturer. Due to the deep hardware integration of the software, the security vulnerabilities now threaten a large number of systems, which do not update the software in a timely manner.
The security vulnerabilities can be used to circumvent all anti-virus software as well as operating system protection mechanisms, which should prevent a third party from taking over.
The latest version of the AMT, ISM and SBT could be freed from the security gap by blocking the access to the network by the software. The vulnerability affects all Intel systems with one of the installed software since the Nehalem architecture 2008. The problem was reported in March 2017 by Maksim Malyutin.
Theoretically, the vPro platform is not intended for the use of personal computers, but we recommend installing the latest drivers for Intel systems. In addition to the patch via the software, the mainboard manufacturers can also remove the security holes via a BIOS update. Concretely affected are all systems with following chipsets.
List of affected Intel chipsets: