Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

PARTNER SECURITY BULLETIN: Intel AMT, Intel Small Business Technology, and ISM Escalation of Privilege Vulnerability

    • Updated:
    • 10 Aug 2017
    • Product/Version:
    • Deep Security
    • Vulnerability Protection
    • Platform:
    • N/A N/A
Bulletin Date: June 13, 2017
CVE Vulnerability Identifier(s): CVE-2017-5689
Partner Vendor(s): Intel
CVSS 3.0 Score(s): 8.4 and 9.8
Severity Rating(s): Critical
Please note that this bulletin is for a partner technology, and does not directly affect Trend Micro products or services. However, Trend Micro does have protection against this vulnerability as outlined below in addition to the partner's published resolution or workaround.

Intel has publicly disclosed an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products. This vulnerability does not exist on Intel-based consumer PCs with consumer firmware, Intel servers utilizing Intel® Server Platform Services (Intel® SPS), or Intel® Xeon® Processor E3 and Intel® Xeon® Processor E5 workstations utilizing Intel® SPS firmware. 

Intel's official advisory can be found here.


Partner/Vendor Solution

Customers are strongly recommended to review Intel's official advisory for full technical details and apply the applicable remediation steps (e.g. firmware updates, patches, etc.) for the vulnerabilities outlines above as soon as possible.

Protect Your Network Using Trend Micro Products

In addition to the provided partner/vendor solutions outlined above, or for customers who may have timing challenges in deploying the permanent fixes, Trend Micro also has some proactive protection against these vulnerabilities when using the following products:

  • Trend Micro Deep Security and Vulnerability Protection (formerly the IDF plug-in for OfficeScan) customers with the latest IPS rules have an updated layer of Virtual Patching protection. Specifically, Trend Micro has released the following rule for proactive protection:
    • Rule 1008369 - Intel Active Management Technology Escalation Of Privilege (CVE-2017-5689)
  • Trend Micro TippingPoint customers with the following filters have updated protection:
    • Filter 28213 - HTTP: Null Response Digest
    • Filter 28456 - HTTP: Intel Active Management Technology Authentication Bypass Vulnerability

Mitigating Factors

Exploiting these type of vulnerabilities generally require that an attacker has access (physical or remote) to a vulnerable machine. In addition to timely application of patches and updated solutions, customers are also advised to review remote access to critical systems and ensure policies and perimeter security is up-to-date.

However, even though an exploit may require several specific conditions to be met, Trend Micro and its partners strongly encourages customers to update to the latest builds and patches as soon as possible due to the critical nature of these vulnerabilities.

External Reference(s)

Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.