Thanks to CutePuppy for the ping!!
Posted on 05/08/2017 10:59:25 PM PDT by CutePuppy
This is the Read.md file on the site, explaining how to use a standalone executable file (compiled from a batch file) to disable recently discovered Intel's bug, until Intel machines' firmware get fixed.
Download the DisableAMT.exe (or DisableAMT.zip) from https://github.com/bartblaze/Disable-Intel-AMT
---------------------------------------------
# Disable Intel AMT Tool to disable Intel AMT on Windows. Runs on both x86 and x64 **Windows** operating systems. Download:
[DisableAMT.exe](DisableAMT.exe)
[DisableAMT.zip](DisableAMT.zip)
## What? On 02 May 2017, Embedi [discovered](https://www.embedi.com/news/mythbusters-cve-2017-5689) "*an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products*".
Emedi has also released a technical paper about their discovery: [Silent Bob is Silent](https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf) (PDF)
Read also: [Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege](https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr)
Assigned CVE: [CVE-2017-5689](https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5689)
## Wait, what? Your machine may be vulnerable to hackers.
## How do I know if I'm affected? If you see any of these stickers or badges on your laptop, notebook or desktop, you are likely affected by this:
Additionally, Intel AMT does run on non-vPro based processors in some cases with reduced functionality, called [tandard Manageability](https://software.intel.com/en-us/blogs/2009/03/27/what-is-standard-manageability). The tool presented here does not differentiate between processor types. This means it can also disable AMT on your machine, regardless of processor.
You may want to read: [How To Find Intel® vPro™ Technology Based PCs](https://communities.intel.com/docs/DOC-5693)
## Usage Simple. Download and run DisableAMT.exe, and it will do the work for you. This is based on the instructions provided by the [INTEL-SA-00075 Mitigation Guide](https://downloadcenter.intel.com/download/26754/INTEL-SA-00075-Mitigation-Guide)
When executing the tool, it will run quickly and when done, will present you with the following screen: 
Type **Y** or **N** if you would also like to automatically disable (by renaming) the actual LMS.exe (*Intel Local Management Service*) binary. When finished, a logfile will open up. **Reboot your machine at this point.**
There is also a short video guide avilable by MajorGeeks [here](https://www.youtube.com/watch?v=gyv5_n4HpMY). That's all! Simple!
### Details about the tool The tool is written in batch, and has the necessary components inside to unconfigure AMT. The batch file was compiled to an executable using the free version of [Quick Batch File Compiler](http://www.abyssmedia.com/quickbfc/), and subsequently packed with UPX to reduce filesize. Additionally, ACUConfig.exe and ACU.dll from [Intel's Setup and Configuration Software package](https://downloadcenter.intel.com/download/26505) is included. You may find all these files in the [src](src) folder.
Please find hashes below:
Filename | MD5 | SHA1 | SHA256 --- | --- | --- | --- *DisableAMT.exe* | 7876752e29178a85beae1e5a0b636faa | 89a2a64066c127c4f8fbdbf7ad946b59beaf4009 | 796e63854aaf3630cdfff642dc7f18fa4a32097737da45b0a5b83fb0a15fd72a *DisableAMT.zip* | fd1e986ba3376c161cdfaf5f5b1ae5fd | e81f58bf35f64067aa359bcbf1bbbe5305d6b13b | 837303761c87f3e8f3bfb3f5cb2eef16679a688df5781dc446300717f42a481f *ACUConfig.exe* | 4117b39f1e6b599f758d59f34dc7642c | 7595bc7a97e7ddab65f210775e465aa6a87df4fd | 475e242953ab8e667aa607a4a7966433f111f8adbb3f88d8b21052b4c38088f7 *ACU.dll* | a98f9acb2059eff917b13aa7c1158150 | d869310f28fce485da0c099f7df349c82a005f30 | c569d9ce5024bb5b430bab696f2d276cfdc068018a84703b48e6d74a13dadfd7
#### Does the tool make any hardware or firmware changes, or to the BIOS? No.
#### Is there an easier way to do this? Probably. Best way to mitigate, is to update your firmware. See for a list of vendors affected [here](https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr).
Ping, in case it may be useful.
Bkmrk and thanks.
Bookmark
Yup, now that it's embedded in the code, it's really expensive to change/fix it. All of that functionality wasted.
Pity.
G I G O
Thanks to CutePuppy for the ping!!
I’ve read the fix for Linux should be available in a few days.
Bkmk
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.