[close04]

And it's exactly what the CVEs are about, isn't it?

From the article: vulnerability enables full-blown remote code execution in the AMT process of the Management Engine.

From Intel: https://www.intel.com/content/www/us/en/security-center/advi...

Buffer overflow in HTTP handler in Intel® Active Management Technology in Intel Converged Security Manageability Engine

[zamadatix]

Yes, it's what the CVEs are about, but the whole comment thread has been riddled with people talking past one another creating confusion:

- The CVEs are about AMT portion only not the base IME

- Not all affected hardware will be patched (based on age)

- AMT can be disabled (and is by default)

- IME/AMT run on a croprocessor on the motherboard - not the CPU itself

- AMT runs an HTTP server for IPMI abilities

[gnufx]

> - AMT runs an HTTP server for IPMI abilities

IPMI doesn't use HTTP.

AMT/vPro is apparently not for servers, and likely operates on the system NIC. The first rule of out-of-band management interfaces should be "use a physically-separate interface", which is unfortunately frequently broken (by one vendor when the procurement specified a separate interface).

[antpls]

> - AMT can be disabled (and is by default)

The devices which have the feature enabled are probably business devices and the feature is used to manage them. Business devices are good value targets, I guess.

Edit : I guess those devices will probably receive the fix, since they are managed