[olug] Intel vPro version analyzer that runs on Linux? SCSDiscovery.py?

Rob Townley rob.townley at gmail.com
Wed May 3 00:51:07 CDT 2017 

​
F
​or those that want some direct links:
​

Intel patches remote hijacking vulnerability that lurked in chips for 7
years
<https://arstechnica.com/security/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/>
https://arstechnica.com/security/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/



​
Intel Active Management Technology, Intel Small Business Technology, and
Intel Standard Manageability Escalation of Privilege
<https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr>
Intel ID:
<https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr>
INTEL-SA-00075
<https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr>

Intel Active Management Technology, Intel Small Business Technology, and
Intel Standard Manageability Escalation of Privilege
Intel ID: INTEL-SA-00075
Product family: Intel® Active Management Technology, Intel® Small Business
Technology, and Intel® Standard Manageability
Impact of vulnerability: Elevation of Privilege
Severity rating: Critical
Original release: May 01, 2017
Last revised: May 01, 2017
Summary:

There is an escalation of privilege vulnerability in Intel® Active
Management Technology (AMT), Intel® Standard Manageability (ISM), and
Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x
9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to
gain control of the manageability features provided by these products.
This vulnerability does not exist on Intel-based consumer PCs.
​
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
​
​


​"Intel® SCS – System Discovery Utility
<https://downloadcenter.intel.com/download/26691/Intel-SCS-System-Discovery-Utility>"
needs a reliable Linux version:
​
https://downloadcenter.intel.com/download/26691/Intel-SCS-System-Discovery-Utility
​

​
​


On Wed, May 3, 2017 at 12:45 AM, Rob Townley <rob.townley at gmail.com> wrote:

> As i mentioned in tonights meeting, corporate grade intel PCs have a
> problem. Much of my work using vPro stopped around 2013, so i am rusty
> ​ and forget its Linux capable utilities if any.​
>>>
> One way to find systems that need to be patched is the "Intel® SCS –
> System Discovery Utility
> <https://downloadcenter.intel.com/download/26691/Intel-SCS-System-Discovery-Utility>
> "
> ​.​
>> ​SCSDiscovery.exe
>  runs on each
> ​_​
> ​WINDOWS
> ​_​
> Desktop, not remotely from a central server ( the opp
> ​o​
> site of what vPro is meant for
> ​!​
> ).  What if you have Linux Desktops?
> ​ ​
> If someone finds a reliable way to analyze Linux systems, please post back
> to the list.  i suspect dmesg or dmidecode or lspci or something might
> provide this information
> ​, but i have never found vPro to be reliable​
> .
> ​  ​
>> ​tl;dr  Intel has not really thought this thru.  A Linux system running on
> vPro capable hardware is just as vulnerable because this is essentially a
> remote "hardware" vulnerability.  ​
>
>>

More information about the OLUG mailing list