In case anyone has not heard about it by now, on May 1st, Intel announced a vulnerability in its Active Management Technology, Small Business Technology, and Standard Manageability systems.
Since LANDesk integrates with AMT, I thought I would start a discussion on it.
This vulnerability can give an attacker complete control of your machine, theoretically even if the machine is powered off!! Yes, you read that right. If a machine is powered off and connected to a powered Ethernet connection, a hacker could power up the machine and take full control. Windows Firewall, Anti-Malware programs, and even disk encryption can all be bypassed. The vulnerable vPro/AMT/ME hardware has been built into laptops and desktops for years, silently waiting for a hacker to develop an exploit.
Ivanti released a Vulnerability Definition "INTELAMT_Mitigation" that will mitigate the problem by limiting the attack vectors. However, this does not fix the problem, which is only repairable by updating the AMT Management Engine (ME) Firmware.
The difficulty in developing a fix is that the firmware updates are specific to makes and models of computers and are supplied by each computer manufacturer. So don't wait for Ivanti to publish a fix, because they would have to have a package for just about every make and model out there older than a couple years. I have taken the next step and created a Custom Definition that will update the firmware in the makes and models that exist in the environment that I manage. If you would like more information, tell me so and I can explain how to do it and even supply some sample scripts.