The Intel Active Management Technology (AMT) vulnerability (now referred to by many as “Silent Bob”) is one of those truly brutal, ugly ones that make you queasy to even think about. Like Heartbleed or Venom. If your organization had exposure to it, a threat actor could own your domain controller, which is basically the worst possible outcome, isn’t it?
Figure 1: SSH creator calling for disabling AMT ports.
Tatu Ylönen, creator of the cryptographic network protocol Secure Shell (SSH), has been shouting (tweeting) from the rooftops about the Intel AMT vulnerability for weeks. And, for a time, the SSH tracking page [1] contained the bold statement, “THIS VULNERABILITY IS EVEN WORSE THAN I EVER IMAGINED!” Tatu’s discomfort came from his assumption that every Intel Xeon processor, anywhere—from laptops, to firewalls, to telephone networks, or what have you—was vulnerable via this authentication back door.
It was never a remote code execution vulnerability, as some had previously stated; the Intel AMT vulnerability is a flaw in the authentication code. The AMT management console uses HTTP Digest for authentication, which is fine in itself, but if you send a truncated (or even a zero-length) digest response, the authentication succeeds anyway. Ooops!
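To make the root cause concrete, here is an added illustration (not Intel's firmware code) of the classic comparison mistake that produces exactly this behaviour, taking the compare length from the client-supplied string, beside the fixed-length, constant-time check that closes it. The digest value is a constructed placeholder, not a real AMT response.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: the 32-hex-char Digest "response" the server would
 * have computed from the password and nonces (placeholder, not a real value). */
static const char EXPECTED_RESPONSE[] = "5d41402abc4b2a76b9719d911017c592";

/* Flawed check: the comparison length comes from the untrusted input, so a
 * shorter prefix, or an empty string (length 0), compares as "equal". */
bool digest_check_flawed(const char *expected, const char *supplied)
{
    return strncmp(expected, supplied, strlen(supplied)) == 0;
}

/* Hardened check: require the exact expected length, then compare every
 * byte without early exit so length and content are both enforced and no
 * timing difference leaks which byte mismatched. */
bool digest_check_fixed(const char *expected, const char *supplied)
{
    size_t n = strlen(expected);
    if (strlen(supplied) != n)
        return false;
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(expected[i] ^ supplied[i]);
    return diff == 0;
}

int main(void)
{
    /* Constructed inputs: the correct response, an empty one, a prefix. */
    const char *inputs[] = { EXPECTED_RESPONSE, "", "5d41402a" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        printf("supplied=\"%s\" flawed=%d fixed=%d\n", inputs[i],
               digest_check_flawed(EXPECTED_RESPONSE, inputs[i]),
               digest_check_fixed(EXPECTED_RESPONSE, inputs[i]));
    }
    return 0;
}
```

A defender reviewing any authentication code path should look for exactly this pattern: a memcmp/strncmp whose length argument is derived from the attacker-controlled side rather than the expected value.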