The recently revealed Intel AMT vulnerability can be used to compromise the system from the BIOS level. The scan we provide is a step by step replication of the suggested vulnerability tests posted here. We have whipped up a Kaseya Agent Procedure introduced in our latest Upstream Kaseya Power Pack ready to do a quick audit of your clients machines. The remediation however is to upgrade the BIOS firmware, and that can be a quite resource needing task for customers not using Intel vPRO featuresmanagement in a centralized way.
The steps we do is:
- Check if we get a web page on http://192.168.122.62:16992
- Check if the “Intel(R) Management and Security Application Local Management Service” is running.
- Check if the Intel Dignostics tool gives registry feedback on current AMT firmware.
Combine this scan with the Report called “Security – Windows – Scan For Intel AMT Enabled And Version” (also included in our latest Kaseya content) and you will get a good insight in the risks you might be facing. Here you see a sample of the report output from Kaseya.
You can get our latest Upstream Kaseya Power Pack by jumping to this link.
The Upstream team