PARTNER SECURITY BULLETIN: Intel AMT, Intel Small Business Technology, and ISM Escalation of Privilege Vulnerability

Partner/Vendor Solution

Customers are strongly recommended to review Intel's official advisory for full technical details and apply the applicable remediation steps (e.g. firmware updates, patches, etc.) for the vulnerabilities outlines above as soon as possible.

Protect Your Network Using Trend Micro Products

In addition to the provided partner/vendor solutions outlined above, or for customers who may have timing challenges in deploying the permanent fixes, Trend Micro also has some proactive protection against these vulnerabilities when using the following products:

• Trend Micro Deep Security and Vulnerability Protection (formerly the IDF plug-in for OfficeScan) customers with the latest IPS rules have an updated layer of Virtual Patching protection. Specifically, Trend Micro has released the following rule for proactive protection:
  • Rule 1008369 - Intel Active Management Technology Escalation Of Privilege (CVE-2017-5689)
• Trend Micro TippingPoint customers with the following filters have updated protection:
  • Filter 28213 - HTTP: Null Response Digest
  • Filter 28456 - HTTP: Intel Active Management Technology Authentication Bypass Vulnerability

Mitigating Factors

Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date.

However, even though an exploit may require several specific conditions to be met, Trend Micro and its partners strongly encourages customers to update to the latest builds and patches as soon as possible due to the critical nature of these vulnerabilities.

External Reference(s)