Forum Moderators: open
You can remotely commandeer and control computers that use vulnerable Intel chipsets by sending them empty authentication strings.
You read that right. When you're expected to send a password hash, you send zero bytes. Nothing. Nada. And you'll be rewarded with powerful low-level access to a vulnerable box's hardware from across the network – or across the internet if the management interface faces the public web.
Remember that the next time Intel, a $180bn international semiconductor giant, talks about how important it treats security.
"Disable AMT today. Mobilize whomever you need. Start from the most critical servers: Active Directory, certificate authorities, critical databases, code signing servers, firewalls, security servers, HSMs (if they have it enabled). For data centers, if you can, block ports 16992, 16993, 16994, 16995, 623, 664 in internal firewalls now.
"If you have anything connected to the Internet with AMT on, disable it now. Assume the server has already been compromised."
Moore said a query using the Shodan computer search engine detected fewer than 7,000 servers showing they had ports 16992 or 16993 open. Having those ports open is a requirement for the remote attack. That number of servers still represents a potentially substantial threat because tens of thousands of computers could be connected to some of those hosts.
No AMT on either of my two devices with Intel chips
but the discovery tool says I'm not vulnerable
only available with vPro, which I don't have
