Acerca de la vulnerabilidad crítica de Intel manageability firmware

Última actualización: 26 de mayo de 2017

Descripción general

El 1 de mayo, Intel publicó una recomendación de seguridad relacionada con una vulnerabilidad crítica de firmware en determinados sistemas que utilizan la Tecnología Intel® de gestión activa (AMT), Intel® Standard Manageability (ISM) o Intel® Small Business Technology (SBT). La vulnerabilidad podría permitir que un atacante de la red obtuviera acceso remoto a los ordenadores o los dispositivos para empresas que utilizan estas tecnologías. Los ordenadores con firmware para consumidores que utilizan los servicios de las plataformas Intel® para servidores no se verán afectados por esta vulnerabilidad.

Hasta que las actualizaciones del firmware estén disponibles, instamos a las personas y las empresas que utilizan ordenadores y dispositivos para empresas que cuentan con AMT, ISM o SBT a tomar medidas para mantener la seguridad de sus sistemas y su información.

Comprendemos que puede estar preocupado por esta vulnerabilidad. Hemos creado esta página para ayudarle a comprender el problema, a evaluar si su sistema se ha visto afectado y a tomar las medidas adecuadas.

Recursos

De Intel

  • Recomendación de seguridad oficial de Intel: Datos técnicos sobre la vulnerabilidad, qué productos son vulnerables, recomendaciones sobre las acciones a emprender, enlaces a recursos técnicos para la detección y la mitigación de la vulnerabilidad. Este documento se actualiza regularmente.
  • Recomendaciones de Intel para determinados productos de Intel® NUC, Intel® Compute Stick y placas Intel® para equipos de sobremesa.
  • Guía de detección: Herramientas e información para guiarle a lo largo del proceso de evaluación en caso de que sus sistemas sean vulnerables.
  • Guía de mitigación: Herramientas e información para ayudarle a proteger los sistemas afectados por esta vulnerabilidad antes de aplicar una actualización de firmware.
  • Guía de procedimientos para la implementación de firmware: Información y pasos de procedimientos para implementar firmware de sistema actualizado.

Servicio de atención al cliente de Intel

On May 1, Intel published a security advisory regarding a firmware vulnerability in certain systems that utilize Intel® Active Management Technology (Intel® AMT), Intel® Standard Manageability (Intel® ISM), or Intel® Small Business Technology (Intel® SBT). The vulnerability is potentially very serious, and could enable a network attacker to remotely gain access to businesses PCs and workstations that use these technologies. We urge people and companies using business PCs and devices that incorporate Intel® AMT, Intel® ISM or Intel® SBT to apply a firmware update from your equipment manufacturer when available, or to follow the steps detailed in the mitigation guide.

Intel® AMT and Intel® ISM are remote management tools typically used by system administrators at large organizations to manage large numbers of computers. Intel® SBT is a similar technology typically used by small and medium sized businesses with fewer devices to manage. All of these systems incorporate Intel manageability firmware.

Data center servers using Intel® Server Platform Services are not affected by this vulnerability. If you are uncertain, you should evaluate your systems to make sure they are secured against this vulnerability. Please see our detection guide for tools and instructions (currently available only for Microsoft Windows* operating systems). If your system is vulnerable, we strongly recommend applying the steps detailed in the mitigation guide, and applying a firmware update from your equipment manufacturer when available.

Consumer PCs with consumer firmware are not impacted by this vulnerability. If you are uncertain as to whether your system is vulnerable, or just want to be sure, please see our detection guide for tools and instructions, or contact Intel Customer Service.

We have implemented and validated a firmware update to address the problem, and we are cooperating with equipment manufacturers to make it available to end-users as soon as possible. Please check with your computer manufacturer for availability of firmware updates for your specific systems and other details. Computer manufacturers are publishing information specific to their products, including availability of firmware updates. Advisories for some manufacturers can be found at the following websites:

Until firmware updates are available, systems administrators can take the mitigation steps detailed in the mitigation guide published under our security advisory. Consumers or others who need support securing vulnerable systems can contact Intel Customer Support.

Yes, you should still apply firmware updates if they are available for your systems. The mitigations help to protect systems that have the vulnerability, but they do not address the underlying vulnerability. To resolve this vulnerability issue, we urge people and companies using business PCs and devices that incorporate Intel® AMT, Intel® ISM or Intel® SBT to apply any available firmware updates from your equipment manufacturer as soon as possible. Please check with your computer manufacturer for availability of firmware updates for your specific systems and other details.

The mitigations help to protect systems that have the vulnerability, but they do not address the underlying vulnerability. The discovery tool will report a system as vulnerable until the system is updated to include an AMT firmware version that removes the vulnerability. To resolve this vulnerability issue, we urge people and companies using business PCs and devices that incorporate Intel® AMT, Intel® ISM or Intel® SBT to apply any available firmware updates from your equipment manufacturer as soon as possible. Please check with your computer manufacturer for availability of firmware updates for your specific systems and other details.

Computer manufacturers are publishing information specific to their products, including availability of firmware updates. Advisories for some manufacturers can be found at the following websites:

Consumers or others who need support securing vulnerable systems can contact Intel Customer Support. Online support is available at http://www.intel.com/supporttickets. To contact Intel Customer Support by phone in the US, Canada, or Latin America call (916) 377-7000. Europe, Middle East and Africa support phone numbers can be found here. Asia Pacific support phone numbers can be found here.

You should evaluate your systems to make sure they are secured against this vulnerability. Please see our detection guide for tools and instructions. If your system is vulnerable, we strongly recommend applying the steps detailed in the mitigation guide, and applying a firmware update from your equipment manufacturer when available. Contact Intel Customer Service if you need support.

You should evaluate your systems to make sure they are secured against this vulnerability. Please see our detection guide for tools and instructions. If your system is vulnerable, we strongly recommend applying the steps detailed in the mitigation guide, and applying a firmware update from your equipment manufacturer when available. Contact Intel Customer Service if you need support.

In most cases, companies that issue PCs to employees will have systems administrators or IT professionals who manage updates and security for employees’ computers. You should speak to your company's IT department before taking any action with your PC with regard to this situation.

If you are a consumer and you believe you may have purchased a PC with these capabilities, then you should evaluate your system to make sure it is secured against this vulnerability. Please see our detection guide for tools and instructions. If your system is vulnerable, we strongly recommend applying the steps detailed in the mitigation guide, and applying a firmware update from your equipment manufacturer when available. Contact Intel Customer Service if you need support.

This is a vulnerability in the Intel® chipset firmware, not in the physical design of a processor. It can be addressed by applying a firmware update from your equipment manufacturer when available, or by applying the steps detailed in the mitigation guide.

Intel has a set of policies, procedures, and practices called the Security Development Lifecycle (SDL) to help ensure our products meet specifications and security requirements. While no system is foolproof, there are mechanisms in place for Intel to work with computer manufacturers to address vulnerabilities should the need arise. When we receive reports of potential vulnerabilities in Intel® products, we work hard to assess them and respond appropriately so we can continue providing the security for our customers.