Intel AMT System Status
Log In or Register to download the BES file, and more.

0 Votes

Description

This analysis reads the System Exposure and System Risk values from an xml file created by the task:

Scan for Intel AMT Vulnerability_v1.0.1.6

The task runs an Intel utility designed to determine if the system is at risk from the AMT vulnerability. 

 

The values and meaning of these values are listed below as per Intel Documentation:

Value Description
System Risk
  •  Vulnerable

    The system has a vulnerable manageability firmware version, firmware needs to be updated


  • Not Vulnerable

    The system meets the "Not Vulnerable" criteria described in the Identifying impacted systems using the INTEL-SA-00075 Discovery Tool section of the document.


  • Not Vulnerable (Verify configuration)

    The system has the firmware with the fix for INTEL-SA-00075, but if the system was provisioned prior to the firmware update, an attacker using the known vulnerability may have changed the manageability configuration. There is a limited amount of verification that can be done through reviewing the Intel manageability SKU audit log. A full unprovision, reprovision of the manageability SKU will remove unauthorized configuration settings.

  • Check With OEM

    The information in the SMBIOS from the OEM shows a manageability SKU, but the Discovery Tool did not receive a response when requesting detailed data from your computer. This may be caused by a missing Management Engine interface driver. Consult your OEM to find out if your computer model is affected.

  • Unknown:

    Discovery Tool did not receive a valid response when requesting hardware inventory data from your computer. Consult your OEM to find out if your computer model is affected

System Exposure
  • Exposed

    The system is provisioned and the LMS is running.

  • Not Exposed

    System is determined to be unprovisioned and the LMS is not running

  • Potential Exposure

    System is determined to be unprovisioned and the LMS status could not be determined

  • Unknown

    Discovery Tool did not receive a valid response when requesting hardware inventory data from your computer. The Discovery Tool cannot determine if a mitigation has been applied to this system.

 

 


Property Details

ID2998552
StatusAlpha - Code that was just developed
TitleIntel AMT System Status
DomainBESC
KeywordsCVE-2017-5689, Intel AMT bug, Intel AMT vulnerability, detect, scan
Added by on 5/10/2017 6:07:44 PM
Last Modified by on 5/10/2017 6:07:44 PM
Counters 2832 Views / 31 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Properties

System Risk
Period Every Report
 
  * Results in a true/false
Show indented relevance
if exists folder (((parent folder of client) as string) & "\Intel_AMT_Scanner") then if exists file (((hostname) as string) & "_System_Summary.xml") of folder (((parent folder of client) as string) & "\Intel_AMT_Scanner") then preceding text of first "<" of (following text of first ">" of (lines of file (((hostname) as string) & "_System_Summary.xml") of folder (((parent folder of client) as string) & "\Intel_AMT_Scanner")) whose (it as string contains "System_Risk")) else "No Scan Results xml File" else "Scan Not Run"
System Exposure
Period Every Report
 
  * Results in a true/false
Show indented relevance
if exists folder (((parent folder of client) as string) & "\Intel_AMT_Scanner") then if exists file (((hostname) as string) & "_System_Summary.xml") of folder (((parent folder of client) as string) & "\Intel_AMT_Scanner") then preceding text of first "<" of (following text of first ">" of (lines of file (((hostname) as string) & "_System_Summary.xml") of folder (((parent folder of client) as string) & "\Intel_AMT_Scanner")) whose (it as string contains "System_Exposure")) else "No Scan Results xml File" else "Scan Not Run"
Last Scan Date
Period Every Report
 
  * Results in a true/false
Show indented relevance
if exists folder (((parent folder of client) as string) & "\Intel_AMT_Scanner") then if exists file (((hostname) as string) & "_System_Summary.xml") of folder (((parent folder of client) as string) & "\Intel_AMT_Scanner") then preceding text of first "<" of (following text of first ">" of (lines of file (((hostname) as string) & "_System_Summary.xml") of folder (((parent folder of client) as string) & "\Intel_AMT_Scanner")) whose (it as string contains "Scan_Date")) else "No Scan Results xml File" else "Scan Not Run"

Relevance

Used in 13 fixlets and 3 analyses   * Results in a true/false
Show indented relevance
name of operating system contains "Win"
Used in 3 fixlets and 2 analyses   * Results in a true/false
Show indented relevance
/* Version of Windows must be at least Win7 */ version of operating system >= "6.1"

Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!
jgstew -
Related: https://bigfix.me/fixlet/details/24269
mxc0bbn -
The accompanying task can be downloaded here: https://www.bigfix.me/fixlet/details/24270