Intel AMT affected Firewall Ports Status
Log In or Register to download the BES file, and more.

0 Votes

Description

This analysis checks whether there are active Firewall Rules that currently block the ports affected by the AMT vulnerability

Per Intel, the affected ports are:

  • 623
  • 664
  • 16992
  • 16993
  • 16994
  • 16995

 


Property Details

ID2998553
StatusAlpha - Code that was just developed
TitleIntel AMT affected Firewall Ports Status
DomainBESC
KeywordsCVE-2017-5689, Intel AMT bug, Intel AMT vulnerability, block ports, firewall
Added by on 5/10/2017 6:16:35 PM
Last Modified by on 5/10/2017 6:16:35 PM
Counters 3639 Views / 8 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Properties

Port 623
Period Every Report
 
  * Results in a true/false
Show indented relevance
if exists (values of key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" of registry) whose (it as string contains "RPort=623" and it as string contains "Action=Block" and it as string contains "Active=TRUE") then "Blocked" else "*** WARNING-PORT IS OPEN***"
Port 664
Period Every Report
 
  * Results in a true/false
Show indented relevance
if exists (values of key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" of registry) whose (it as string contains "RPort=664" and it as string contains "Action=Block" and it as string contains "Active=TRUE") then "Blocked" else "*** WARNING-PORT IS OPEN***"
Port 16992
Period Every Report
 
  * Results in a true/false
Show indented relevance
if exists (values of key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" of registry) whose (it as string contains "RPort=16992" and it as string contains "Action=Block" and it as string contains "Active=TRUE") then "Blocked" else "*** WARNING-PORT IS OPEN***"
Port 16993
Period Every Report
 
  * Results in a true/false
Show indented relevance
if exists (values of key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" of registry) whose (it as string contains "RPort=16993" and it as string contains "Action=Block" and it as string contains "Active=TRUE") then "Blocked" else "*** WARNING-PORT IS OPEN***"
Port 16994
Period Every Report
 
  * Results in a true/false
Show indented relevance
if exists (values of key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" of registry) whose (it as string contains "RPort=16994" and it as string contains "Action=Block" and it as string contains "Active=TRUE") then "Blocked" else "*** WARNING-PORT IS OPEN***"
Port 16995
Period Every Report
 
  * Results in a true/false
Show indented relevance
if exists (values of key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" of registry) whose (it as string contains "RPort=16995" and it as string contains "Action=Block" and it as string contains "Active=TRUE") then "Blocked" else "*** WARNING-PORT IS OPEN***"

Relevance

Used in 13 fixlets and 3 analyses   * Results in a true/false
Show indented relevance
name of operating system contains "Win"
Used in 3 fixlets and 2 analyses   * Results in a true/false
Show indented relevance
/* Version of Windows must be at least Win7 */ version of operating system >= "6.1"

Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!