Intel Active Management Technology (AMT), Escalation of Remote Privilege Vulnerability

Document ID: 4015668
Posted Date: 2017-05-18
Last Updated: 2017-06-28
Distribution: View Public Website

Issue

Intel® Active Management Technology (AMT), Escalation of Privilege Vulnerability

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Potential Security Impact: Remote escalation of privilege on provisioned systems or local escalation of privilege on unprovisioned systems.

Source: Intel® Corporation (“Intel®”)

VULNERABILITY SUMMARY:

On May 1 2017, Intel® announced a security advisory regarding a critical firmware vulnerability in certain systems that utilize Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM) or Intel® Small Business Technology (SBT). The vulnerability could enable a network attacker to remotely gain access to business PCs or devices that use these technologies.

Toshiba PC's that were introduced in the market since 2010 which incorporate Intel® vPro™ CPU may be impacted. Toshiba is working closely with Intel® to validate their fix and ensure it works across Toshiba’s range of products. Until firmware updates are available, it is recommended that people and companies using Toshiba PCs and devices that incorporate AMT, ISM or SBT to take steps to maintain the security of their systems and information.

For general guidance on this issue, please see this announcement from Intel - http://www.intel.com/content/www/us/en/architecture-and-technology/intel-amt-vulnerability-announcement.html

Resolution

Intel® has provided the following mitigation options that may be used prior to the firmware being deployed:

Step 1: Determine if you have an Intel® AMT, Intel® SBA, or Intel® ISM capable system by running Intel's downloadable discovery tool, which will analyze your PC for the vulnerability.

If you determine that you do not have an Intel® AMT, Intel® SBA, or Intel® ISM capable system then no further action is required.
If you are unable to run the discovery tool follow the Step 2 below to determine if your PC is impacted by the Intel security advisory.
If your PC is affected using the discovery tool, go to Step 3 below to locate your PC model and firmware availability.

Step 2: Review the INTEL-SA-00075 Detection Guide to assess if your PC has the impacted firmware.

Step 3: Download and run the firmware update tool provided by Toshiba.

For help finding your model number CLICK HERE

Toshiba’s AMT Firmware Release Schedule:

Intel® Chipset Version	Model Names	Model Numbers	Target Available Date	Link to Firmware
7^th Generation	Portege A30-D	PT385	Available	Download Installation Procedure
	Portege R30-D	PT389
	Portege X20W-D	PRT13
	Portege X30-D	PT273
	Portege X30-D	PT274
	Tecra A40-D	PS485
	Tecra A50-D	PT583
	Tecra A50-D	PS58B
	Tecra A50-D	PS587
	Tecra C50-D	PT583
	Tecra Z50-D	PT583

Intel® Chipset Version	Model Names	Model Numbers	Target Available Date	Link to Firmware
6^th Generation	Portege A30-C	PT365	Available	Download Installation Procedure
	Portege A30-C	PT369
	Portege WT20-C Tablet	PT16D
	Portege Z20T-C	PT16B
	Portege Z30-C	PT261
	Tecra A40-C	PS465
	Tecra A50-C	PS577
	Tecra A50-C	PS57B
	Tecra A50-C	PS57K
	Tecra A50-C	PT573
	Tecra Z40-C	PT461
	Tecra Z40-C	PT463
	Tecra Z50-C	PT573
	Tecra Z50-C	PT577

Intel® Chipset Version	Model Names	Model Numbers	Target Available Date	Link to Firmware
5^th Generation	Tecra A50-C	PS56D	Available	Download Installation Procedure
	Tecra A50-C	PS56E
	Tecra A50-C	PS56M
	Portege A30-B	PT379
	Portege R30-B	PT379
	Portege WT20-B Tablet	PT15D
	Portege Z20T-B	PT15B
	Portege Z30t-B	PT251
	Tecra Z40-B	PT459
	Tecra Z40-B	PT45G

Intel® Chipset Version	Model Names	Model Numbers	Target Available Date	Link to Firmware
4^th Generation	Portege R30-A	PT341	Available	Download Installation Procedure
	Portege WT310	PT144
	Portege Z10T-A	PT142
	Portege Z30-A	PT241
	Portege Z30T-A	PT24A
	Tecra A50-A	PT641
	Tecra A50-A	PT645
	Tecra A50-A	PT64J
	Tecra W50-A	PT640
	Tecra Z40-A	PT449
	Tecra Z40-A	PT44G
	Tecra Z50-A	PT540
	Tecra Z50-A	PT545
	Toshiba WT310	PT144

Intel® Chipset Version	Model Names	Model Numbers	Target Available Date	Link to Firmware
3^rd Generation	Portege R930	PT333	Available	Download Installation Procedure
	Portege Z930	PT237
	Portege R930	PT331
	Portege Z10T-A	PT132
	Portege Z930	PT235
	Satellite Pro S850	PSSET
	Tecra R940	PT439
	Tecra R940	PT43G
	Tecra R950	PT530
	Tecra R950	PT535
	TOSHIBA WT310	PT134

Intel® Chipset Version	Model Names	Model Numbers	Target Available Date	Link to Firmware
2^nd Generation	Portege R830	PT321	Available	Download Installation Procedure
	Portege Z830	PT225
	Satellite Pro S750	PSSEL
	Tecra R840	PT429
	Tecra R840	PT42G
	Tecra R850	PT520
	Tecra R850	PT525
	Tecra R850	PT52S

Intel® Chipset Version	Model Names	Model Numbers	Target Available Date	Link to Firmware
1^st Generation	Portege M780	PPM78	Available	Download Installation Procedure
	Portege R700	PT311
	Portege R705	PT311
	Tecra A/S/P11	PTSE7
	Tecra A11	PTSE1
	Tecra A11	PTSE3
	Tecra R700	PT319

* The information in this document is subject to change without notice.
* "Intel" is a trademark of Intel Corporation in the U.S. and other countries.
* Other names and brands may be claimed as the property of others.

Export Control and EULA

Use of any software made available for download from this system constitutes your acceptance of the Export Control Terms and the terms in the Dynabook end-user license agreement both of which you can view before downloading any such software.