Serial Port
Posts: 18
Registered: ‎01-07-2015
Location: PL
Message 11 of 43 (2,014 Views)

Re: Remote security exploit in all 2008+ Intel platforms

Welcome,

From another computer in the same LAN you can also try to scan the IAMT_LOCAL_IP and see if ports 623, 624, 16992-16995 are open or closed, just to be 100% sure that IAMT is not listening for incoming connections:

 

nmap -p16992,16993,16994,16995,623,664 IAMT_LOCAL_IP

and if you see open ports try:

curl -sS http://IAMT_LOCAL_IP:623 -i
curl -sS http://IAMT_LOCAL_IP:624 -i
curl -sS http://IAMT_LOCAL_IP:16992 -i 
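
Added example, not part of the original post: a small Python check that does the same test as the nmap command above, for an administrator who has no nmap on the second machine. It separates "closed" (connection refused) from "filtered" (no answer), so a firewall in the path is not mistaken for AMT being off. The port labels and the names `probe`, `scan` and `verdict` are assumptions added here.

```python
import socket
import sys

# Port list taken from the nmap command in the post; the labels are the
# usual Intel AMT assignments, added here for readability (not from the post).
AMT_PORTS = {
    623: "ASF-RMCP / WS-Man over HTTP",
    664: "WS-Man over TLS",
    16992: "AMT web UI / WS-Man (HTTP)",
    16993: "AMT web UI / WS-Man (TLS)",
    16994: "redirection (SOL/IDE-R)",
    16995: "redirection over TLS",
}

def probe(host, port, timeout=2.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeouts and unreachable-host errors land here
        return "filtered"

def scan(host, ports=AMT_PORTS, timeout=2.0):
    """Probe every port and return {port: state}."""
    return {p: probe(host, p, timeout) for p in ports}

def verdict(results):
    """Summarise a scan: any open port means something is listening."""
    open_ports = sorted(p for p, s in results.items() if s == "open")
    if open_ports:
        return "LISTENING on " + ", ".join(map(str, open_ports))
    if any(s == "filtered" for s in results.values()):
        return "INCONCLUSIVE (some ports gave no answer)"
    return "NOT LISTENING"

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: amt_check.py IAMT_LOCAL_IP  (run from another machine on the LAN)")
    res = scan(sys.argv[1])
    for port, state in sorted(res.items()):
        print(f"{port:>5}  {state:<8}  {AMT_PORTS[port]}")
    print(verdict(res))
```

An INCONCLUSIVE result means the probes were dropped somewhere, so repeat the check from a machine on the same switch segment before concluding anything.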

 

802.11n
Posts: 133
Registered: ‎07-21-2010
Location: US
Message 12 of 43 (1,968 Views)

Re: Remote security exploit in all 2008+ Intel platforms

I have a W510; what needs to be done to fix this, since Lenovo is only going back to the W520? Or can nothing be done? What about disabling AMT in the BIOS?

TP 25 Retro, W510 850 EVO, A30p
Retired 385D, A20p, A21p
Serial Port
Posts: 18
Registered: ‎01-07-2015
Location: PL
Message 13 of 43 (1,949 Views)

Re: Remote security exploit in all 2008+ Intel platforms

T410, T510, W510... it is a long list of Lenovo products that will be vulnerable forever if Lenovo doesn't care and doesn't want to apply Intel's fix for this problem.

Yes, the sad part is that Intel already has a fix for this vulnerability (AMT v6.2.61.3535), so Lenovo only has to copy-paste the fix and release it as a BIOS upgrade.

 

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

Punch Card
Posts: 45
Registered: ‎02-03-2016
Location: Germany
Message 14 of 43 (1,941 Views)

Re: Remote security exploit in all 2008+ Intel platforms

Guess I will delay my order of 60 T570 notebooks to see which vendor will take security most seriously...

Maybe Dell will do a better job here and will fix all vulnerable models?

Bit Torrent
Posts: 1,810
Registered: ‎11-28-2007
Location: CZ
Message 15 of 43 (1,929 Views)

Re: Remote security exploit in all 2008+ Intel platforms

As for remote access: is it safe to assume that disabling it in the BIOS turns it off for sure? It displays a deactivating state for a while after exiting the BIOS and restarts. But some reports say it still remains active (even when disabled in the BIOS!) anyway, with the default 'admin' password.

__________________________________
ThinkPad (1992 - 2012): R51, X31, X220, Tablet 8.
Do you care about privacy and security ? Leave Google behind
Community Moderator
Posts: 1,702
Registered: ‎05-01-2010
Location: US
Message 16 of 43 (1,897 Views)

Re: Remote security exploit in all 2008+ Intel platforms


Hentschke_Bau wrote:

Guess I will delay my order of 60 T570 notebooks to see which vendor will take security most seriously...

Maybe Dell will do a better job here and will fix all vulnerable models?



Two days ago I contacted Dell and searched to find a list of their vulnerable systems so I can add it to the OEM list that I am working on at a security site. No reply. No advisory. There was no discussion topic at their forum, so I started one on May 2.  As of this moment my Dell forum topic still has no replies.

 

Lenovo should be commended for having their comprehensive advisory and list posted ASAP.

If you find a post helpful and it answers your question, please click the "Accept As Solution" button.

I am not employed by Lenovo or Microsoft. I am a volunteer.

SpywareHammer





Bit Torrent
Posts: 1,810
Registered: ‎11-28-2007
Location: CZ
Message 17 of 43 (1,858 Views)

Re: Remote security exploit in all 2008+ Intel platforms

It is important to provide a solution for non-corporate customers. Most of them don't need/want the vPro features anyway. There must be a simple tool that reports whether AMT is disabled (unprovisioned) on their machine, without the need to install the complex (and vulnerable) Intel AMT software they don't need.

__________________________________
ThinkPad (1992 - 2012): R51, X31, X220, Tablet 8.
Do you care about privacy and security ? Leave Google behind
Serial Port
Posts: 18
Registered: ‎01-07-2015
Location: PL
Message 18 of 43 (1,841 Views)

Re: Remote security exploit in all 2008+ Intel platforms

The only viable solution for everybody is for the HW manufacturer - in this case Lenovo - to release the fix for the HW if Intel releases one; keeping loyal customers to a brand (ThinkPad) is more important than the small cost of this SW fix.

Maybe at some point you will find that you need to use what Intel AMT offers (and you already paid for that option).

Punch Card
Posts: 23
Registered: ‎03-01-2017
Location: US
Message 19 of 43 (1,756 Views)

Re: Remote security exploit in all 2008+ Intel platforms

According to https://support.lenovo.com/us/en/product_security/LEN-14963 my ThinkPad T560 with Intel iCore i6200U on board is affected too.

However, if you consult the product specification on the Intel web site for this CPU, vPro is not populated here, so it should not be affected. AMT seems to be a vPro component.

Where is this discrepancy from?

The Intel check utility SCS Discovery completes with an error of a generic type, something like an API was not available. This seems to be in line with Intel's product specification but not with Lenovo's claims in the document shown.

Serial Port
Posts: 18
Registered: ‎01-07-2015
Location: PL
Message 20 of 43 (1,748 Views)

Re: Remote security exploit in all 2008+ Intel platforms

The i5-6200U doesn't have vPro, but the ThinkPad T560 can have other processors that have vPro technology:

i7-6600U

i5-6300U

http://www3.lenovo.com/us/en/laptops/thinkpad/thinkpad-t-series/T560/p/22TP2TT5600
