Figure 2: Authentication success!

While Intel didn’t come out and tell everyone exactly what the problem was, the guys at Tenable figured it out within minutes,2 and even show how simple it would be to exploit via Burp Suite. They’ve updated Nessus3 to scan for it, and everyone is broadly recommending that we all disable ports 16992, 16993, and 623 for good measure.

So yeah, the vulnerability is really bad, but how exposed is everyone?

Turns out, maybe not so much. The early doom-saying on the SSH page was a bit hyperbolic. Consider this; the AMT service runs on ports 16992 and 16993 only when you have a compatible CPU, compatible chip-set, supported network interface in the “first network interface” slot, Intel AMT blob in the BIOS, and BIOS provisioned to enable AMT.

Most of the systems with all of these conditions being true will come from major PC vendors, like Dell, HP, and Lenovo, that serve customers with well-developed PC fleet administration tools. And ideally, systems of that complexity would never be connected to untrusted networks, would they?