Intel AMT SOL exposes hidden networking interface
This is as a result of Intel AMT SOL is an element of the Intel ME (Management Engine), a separate processor embedded with Intel CPUs, that runs its own software package.
Intel ME runs even once the main processor is powered off, and whereas this feature appearance pretty shady, Intel designed me to supply remote administration capabilities to corporations that manage giant networks of thousands of computers.
In ME component stack, AMT provides a foreign management feature for Intel vPro processors and chipsets. The AMT SOL may be a Serial-over-Lan interface for the Intel AMT remote management feature that exposes a virtual serial interface via TCP.
Because this AMT SOL interface runs within Intel ME, it’s become independent from the traditional software package, wherever firewalls and security product are provisioned to figure.
Furthermore, as a result of it runs within Intel ME, the AMT SOL interface can stay up and useful although the computer is turned off, however, the PC remains physically connected to the network, permitting the Intel me engine to send or receive knowledge via TCP.
Cyber-espionage teams, in general, are primarily fascinated by remaining hidden, thus AMT SOL’s firewall bypassing impact was the main reason the group determined to implement it.
Fortunately, Microsoft says it had been ready to establish clues within the malware’s operation that might enable its Windows Defender ATP security product to notice it before it accesses and initiates the AMT SOL interface. This provides corporations with a warning that they could are infected with the group’s malware.
When contacted by Microsoft, Intel said the platinum cluster wasn’t exploitation any vulnerability within the Intel AMT SOL interface, however, this was another classic case of dangerous guys employing a technology developed for legitimate functions to try and do dangerous things.
The good news is that Intel AMT SOL comes disabled by default all Intel CPUs, which means the computer owner or the native systems administrator should change this feature by hand.
Take your time to comment on this article.