Patchday: Dangerous gap in Intel’s remote maintenance Active Management Technology


Admins who maintain Intel systems remotely via Active Management Technology (AMT) should install the latest updates for security reasons. Under certain conditions, the gap in the remote maintenance software is considered to be “critical“.

This is the case when AMT is configured and switched on. This only affects so-called vPro systems with Q chipsets and some with Intel Standard Manageability (ISM). If this is the case, an attacker could acquire higher user rights via the network without authentication.

As can be seen from a warning message, the developers have the vulnerability (CVE-2020-8758) in the AMT / ISM versions 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 closed. All previous editions are threatened. In the message, Intel points out that support for AMT 3.x to 10.x has expired and the software is no longer receiving security updates.

For example HP and Supermicro have already made updates available. At the time of this report, we have not yet found any corresponding entries at Dell or Lenovo.

In addition, Intel has closed several loopholes in various BIOS versions. Here, for example, attackers could leak information or upgrade their user rights. One of the vulnerabilities (CVE-2020-0570) is with “high“However, an attacker would need physical access to a computer for a successful attack.

A hole (CVE-2020-12302) in Driver & Support Assistant could also turn attackers into admins in the worst case. That is covered Version The danger emanating from the vulnerability is with “medium“classified.

List sorted by threat level in descending order:


To home page