Why settle for mainstream? Go upstream!

+46-8-56610670 info@upstream.se

How to scan Intel based systems for the AMT vulnerability with Kaseya

The recently revealed Intel AMT vulnerability can be used to compromise the system from the BIOS level. The scan we provide is a step by step replication of the suggested vulnerability tests posted here. We have whipped up a Kaseya Agent Procedure introduced in our latest Upstream Kaseya Power Pack ready to do a quick audit of your clients machines. The remediation however is to upgrade the BIOS firmware, and that can be a quite resource needing task for customers not using Intel vPRO featuresmanagement in a centralized way.

The steps we do is:

  1. Check if we get a web page on http://192.168.122.62:16992
  2. Check if the “Intel(R) Management and Security Application Local Management Service” is running.
  3. Check if the Intel Dignostics tool gives registry feedback on current AMT firmware.

Combine this scan with the Report called “Security – Windows – Scan For Intel AMT Enabled And Version” (also included in our latest Kaseya content) and you will get a good insight in the risks you might be facing. Here you see a sample of the report output from Kaseya.

2017_05_05_09_32_44_Security_Windows_Scan_For_Intel_AMT_Enabled_And_Version

You can get our latest Upstream Kaseya Power Pack by jumping to this link.

Kind regards

The Upstream team

4 May, 2017 • BY Ronny Tunfjord