Intel AMT affected Firewall Ports Status
Log In or Register to download the BES file, and more.

0 Votes

Description

This analysis checks whether there are active Firewall Rules that currently block the ports affected by the AMT vulnerability

Per Intel, the affected ports are:

  • 623
  • 664
  • 16992
  • 16993
  • 16994
  • 16995

 

Property Details

ID2998553
StatusAlpha - Code that was just developed
TitleIntel AMT affected Firewall Ports Status
DomainBESC
KeywordsCVE-2017-5689, Intel AMT bug, Intel AMT vulnerability, block ports, firewall
Added by on 5/10/2017 6:16:35 PM
Last Modified by on 5/10/2017 6:16:35 PM
Counters 4026 Views / 9 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Properties

Port 623
Period Every Report
 
  * Results in a true/false
Show indented relevance
if exists (values of key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" of registry) whose (it as string contains "RPort=623" and it as string contains "Action=Block" and it as string contains "Active=TRUE") then "Blocked" else "*** WARNING-PORT IS OPEN***"
Port 664
Period Every Report
 
  * Results in a true/false
Show indented relevance
if exists (values of key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" of registry) whose (it as string contains "RPort=664" and it as string contains "Action=Block" and it as string contains "Active=TRUE") then "Blocked" else "*** WARNING-PORT IS OPEN***"
Port 16992
Period Every Report
 
  * Results in a true/false
Show indented relevance
if exists (values of key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" of registry) whose (it as string contains "RPort=16992" and it as string contains "Action=Block" and it as string contains "Active=TRUE") then "Blocked" else "*** WARNING-PORT IS OPEN***"
Port 16993
Period Every Report
 
  * Results in a true/false
Show indented relevance
if exists (values of key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" of registry) whose (it as string contains "RPort=16993" and it as string contains "Action=Block" and it as string contains "Active=TRUE") then "Blocked" else "*** WARNING-PORT IS OPEN***"
Port 16994
Period Every Report
 
  * Results in a true/false
Show indented relevance
if exists (values of key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" of registry) whose (it as string contains "RPort=16994" and it as string contains "Action=Block" and it as string contains "Active=TRUE") then "Blocked" else "*** WARNING-PORT IS OPEN***"
Port 16995
Period Every Report
 
  * Results in a true/false
Show indented relevance
if exists (values of key "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules" of registry) whose (it as string contains "RPort=16995" and it as string contains "Action=Block" and it as string contains "Active=TRUE") then "Blocked" else "*** WARNING-PORT IS OPEN***"

Relevance

Used in 13 fixlets and 3 analyses   * Results in a true/false
Show indented relevance
name of operating system contains "Win"
Used in 3 fixlets and 2 analyses   * Results in a true/false
Show indented relevance
/* Version of Windows must be at least Win7 */ version of operating system >= "6.1"

Sharing

Social Media:
Share this page on Yammer


Comments

Log In or Register to leave comments!
 

Content

Search
Share
Learn
Projects

Utilities

View SCM Scripts
Base64 Converter
Shell to Action Script

About

About Us
Tour
FAQ
Terms
Contact Us

BigFix Resources

Download BigFix
Support
Forum
Github/Bigfix
bigfix.me All Content
Hosted on bigfixme-as