Intel ProV Configuration Tool   CVE-2017-5689

Version 3

    Purpose

     

    Ivanti has produced a system configuration tool which minimizes the risk associated with the vulnerability CVE-2017-5689.

    This tool DOES NOT fix the underlying firmware vulnerability. You must use special tools provided by Intel or your OEM vendor to correct this vulnerability.  Consult the Intel documents at the end of this paper for the latest information.

    This Ivanti tool makes configuration changes to your system as recommended by Intel in their whitepaper describing how to mitigate the issue.  Specifically, the tool will attempt to unconfigure the Active Management Technology (AMT) framework and disable the Local Management Service (LMS) running on the system

     

    Vulnerability

    This vulnerability exists in the Intel AMT firmware of systems with the ProV technology.  AMT allows a remote system to be turned on as long as power and network connection are present.  This vulnerability is independent of the OS installed on the system.  There are several possible attack vectors via this vulnerability including KVM (remote control of mouse keyboard and monitor), IDE-R (IDE Redirection), and SOL (Serial over LAN).
    This technology has been in use for over nine years so both old and new systems are potentially vulnerable.  Intel provides directions on checking the firmware version to determine vulnerable systems.

     

    Tool Use

     

    In Ivanti Patch for Windows Servers this is an optional security tool: INTEL-SA-00075(QISA00075)

     

    This tool will be offered to any endpoint that has the LMS service installed when scanned with a template that includes security tools. The tool will attempt to unconfigure the AMT framework and disable the LMS service. This tool does not address the vulnerability at a firmware level.

     

    Best Practice & Q/A - Using Security Tools

     

    References:

     

    Intel Advisory Page

    INTEL-SA-00075 Detection and Mitigation Guide & Tool - (link from Advisory Page - subject to change)

     

    Affected Product(s)

     

    Shavlik Protect 9.2

    Ivanti Patch for Windows Servers 9.3