Following the news about the newly discovered Intel AMT vulnerability, which attackers can exploit to gain full control over a computer and attack the enterprise, Mounir Hahad, Ph.D., Sr Director at Cyphort Labs, which manages IT threat visibility and control, commented below.
Mounir Hahad, Ph.D., Sr Director at Cyphort Labs:
“This is a very severe vulnerability for three reasons: it gives broad access to the compromised PC, it’s very easy to exploit, and the threat surface is monumental.
“The PCs which are exposed to the internet with open ports 16992 and 16993 are not the only potential targets, as implied by the early published articles. Any PC inside the enterprise behind a corporate firewall is also at risk due to lateral movement, once an attacker gains a foothold inside the network.
“It will be hard for Intel to completely close the vulnerability gap in a short period of time. We have to assume this vulnerability will leave computers exposed for quite some time – even after a fix is available – as patching is typically slow.
“Given that the PCs are exposed even if they’re turned off, this means that only network security measures can mitigate this risk. Our advice is to make sure people have deployed security products capable of detecting lateral movement and alert on access to these known ports when the connection comes from unexpected sources.”
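The alerting idea in the commentary above, as an added example that is not from Mounir Hahad or Cyphort: it flags connections to ports 16992 and 16993 whose source is not an expected management host, and counts how many distinct targets each such source touched. The flow-record format, the allowed management subnet, the internal range and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

AMT_PORTS = {16992, 16993}  # the two ports named in the commentary above
# Assumptions (constructed values): the only subnet expected to manage AMT,
# and the address space treated as "inside the enterprise".
ALLOWED_SOURCES = [ip_network("10.0.50.0/28")]
INTERNAL_NETS = [ip_network("10.0.0.0/8")]

# Constructed flow records: timestamp src_ip src_port dst_ip dst_port proto
SAMPLE_FLOWS = """\
2017-05-08T09:14:02Z 10.0.50.4 51522 10.0.12.31 16992 tcp
2017-05-08T09:14:09Z 10.0.12.77 49811 10.0.12.31 16992 tcp
2017-05-08T09:14:10Z 10.0.12.77 49812 10.0.12.32 16993 tcp
2017-05-08T09:15:40Z 10.0.12.77 49900 10.0.12.33 443 tcp
2017-05-08T09:16:01Z 203.0.113.9 40022 10.0.12.31 16993 tcp
malformed line
"""

def parse_flow(line):
    """Return (ts, src, dst, dst_port), or None for a malformed record."""
    parts = line.split()
    if len(parts) != 6:
        return None
    try:
        return parts[0], ip_address(parts[1]), ip_address(parts[3]), int(parts[4])
    except ValueError:
        return None

def find_amt_alerts(text, allowed=ALLOWED_SOURCES):
    """Flag AMT-port connections from sources outside the allowed subnets.

    An unexpected *internal* source is the lateral-movement case; an
    *external* one is the internet-exposure case."""
    alerts = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow[3] not in AMT_PORTS:
            continue
        ts, src, dst, port = flow
        if any(src in net for net in allowed):
            continue
        kind = "internal" if any(src in n for n in INTERNAL_NETS) else "external"
        alerts.append({"ts": ts, "src": str(src), "dst": str(dst),
                       "port": port, "kind": kind})
    return alerts

def fanout(alerts):
    """Distinct AMT targets per flagged source; more than one looks like a sweep."""
    targets = defaultdict(set)
    for a in alerts:
        targets[a["src"]].add(a["dst"])
    return {src: len(dsts) for src, dsts in targets.items()}
```
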