Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Disable Intel AMT on Windows (fix Intel's ME/AMT/SMT bug on vPro or consumer machine)
Bartblaze / GitHub ^ | 2017 May 07 | bartblaze

Posted on 05/08/2017 10:59:25 PM PDT by CutePuppy

This is the Read.md file on the site, explaining how to use a standalone executable file (compiled from a batch file) to disable recently discovered Intel's bug, until Intel machines' firmware get fixed.

Download the DisableAMT.exe (or DisableAMT.zip) from https://github.com/bartblaze/Disable-Intel-AMT

---------------------------------------------

# Disable Intel AMT Tool to disable Intel AMT on Windows. Runs on both x86 and x64 **Windows** operating systems. Download:

[DisableAMT.exe](DisableAMT.exe)

[DisableAMT.zip](DisableAMT.zip)

## What? On 02 May 2017, Embedi [discovered](https://www.embedi.com/news/mythbusters-cve-2017-5689) "*an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products*".

Emedi has also released a technical paper about their discovery: [Silent Bob is Silent](https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf) (PDF)

Read also: [Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege](https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr)

Assigned CVE: [CVE-2017-5689](https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5689)

## Wait, what? Your machine may be vulnerable to hackers.

## How do I know if I'm affected? If you see any of these stickers or badges on your laptop, notebook or desktop, you are likely affected by this:

![Intel badges](http://i.imgur.com/Evq3CUo.png "Intel badges")

Additionally, Intel AMT does run on non-vPro based processors in some cases with reduced functionality, called [tandard Manageability](https://software.intel.com/en-us/blogs/2009/03/27/what-is-standard-manageability). The tool presented here does not differentiate between processor types. This means it can also disable AMT on your machine, regardless of processor.

You may want to read: [How To Find Intel® vPro™ Technology Based PCs](https://communities.intel.com/docs/DOC-5693)

## Usage Simple. Download and run DisableAMT.exe, and it will do the work for you. This is based on the instructions provided by the [INTEL-SA-00075 Mitigation Guide](https://downloadcenter.intel.com/download/26754/INTEL-SA-00075-Mitigation-Guide)

When executing the tool, it will run quickly and when done, will present you with the following screen: ![Intel AMT disabler](http://i.imgur.com/e4DMXEV.png "Intel AMT disabler")

Type **Y** or **N** if you would also like to automatically disable (by renaming) the actual LMS.exe (*Intel Local Management Service*) binary. When finished, a logfile will open up. **Reboot your machine at this point.**

There is also a short video guide avilable by MajorGeeks [here](https://www.youtube.com/watch?v=gyv5_n4HpMY). That's all! Simple!

### Details about the tool The tool is written in batch, and has the necessary components inside to unconfigure AMT. The batch file was compiled to an executable using the free version of [Quick Batch File Compiler](http://www.abyssmedia.com/quickbfc/), and subsequently packed with UPX to reduce filesize. Additionally, ACUConfig.exe and ACU.dll from [Intel's Setup and Configuration Software package](https://downloadcenter.intel.com/download/26505) is included. You may find all these files in the [src](src) folder.

Please find hashes below:

Filename | MD5 | SHA1 | SHA256 --- | --- | --- | --- *DisableAMT.exe* | 7876752e29178a85beae1e5a0b636faa | 89a2a64066c127c4f8fbdbf7ad946b59beaf4009 | 796e63854aaf3630cdfff642dc7f18fa4a32097737da45b0a5b83fb0a15fd72a *DisableAMT.zip* | fd1e986ba3376c161cdfaf5f5b1ae5fd | e81f58bf35f64067aa359bcbf1bbbe5305d6b13b | 837303761c87f3e8f3bfb3f5cb2eef16679a688df5781dc446300717f42a481f *ACUConfig.exe* | 4117b39f1e6b599f758d59f34dc7642c | 7595bc7a97e7ddab65f210775e465aa6a87df4fd | 475e242953ab8e667aa607a4a7966433f111f8adbb3f88d8b21052b4c38088f7 *ACU.dll* | a98f9acb2059eff917b13aa7c1158150 | d869310f28fce485da0c099f7df349c82a005f30 | c569d9ce5024bb5b430bab696f2d276cfdc068018a84703b48e6d74a13dadfd7

#### Does the tool make any hardware or firmware changes, or to the BIOS? No.

#### Is there an easier way to do this? Probably. Best way to mitigate, is to update your firmware. See for a list of vendors affected [here](https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr).


TOPICS: Business/Economy; News/Current Events
KEYWORDS: amt; amtfix; bug; firmware; fix; intel; security; snoop; spyware; technology; windows; windowspinglist
This is a fix for Intel's AMT bug for a number of Intel's Core, Centrino and Xeon chips.
1 posted on 05/08/2017 10:59:25 PM PDT by CutePuppy
[ Post Reply | Private Reply | View Replies]

To: dayglored; Ernest_at_the_Beach

Ping, in case it may be useful.


2 posted on 05/08/2017 11:10:11 PM PDT by CutePuppy (If you don't ask the right questions you may not get the right answers)
[ Post Reply | Private Reply | To 1 | View Replies]

To: CutePuppy

Bkmrk and thanks.


3 posted on 05/09/2017 1:57:29 AM PDT by BurrOh (All animals are equal, but some animals are more equal than others. ~Orwell)
[ Post Reply | Private Reply | To 1 | View Replies]

To: CutePuppy

Bookmark


4 posted on 05/09/2017 3:10:04 AM PDT by JubJub
[ Post Reply | Private Reply | To 1 | View Replies]

To: CutePuppy
No doubt it’s just a programmer’s mistake, but here it is: keep silence when challenged and you’re in.

Yup, now that it's embedded in the code, it's really expensive to change/fix it. All of that functionality wasted.

Pity.

5 posted on 05/09/2017 4:23:38 AM PDT by TechJunkYard (Trump THIS, Hill-baby!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: CutePuppy

G I G O


6 posted on 05/09/2017 6:01:06 AM PDT by Delta 21
[ Post Reply | Private Reply | To 1 | View Replies]

To: CutePuppy; Abby4116; afraidfortherepublic; aft_lizard; AF_Blue; amigatec; AppyPappy; arnoldc1; ...
Intel AMT privacy update/fix ... PING!

You can find all the Windows Ping list threads with FR search: just search on keyword "windowspinglist".

Thanks to CutePuppy for the ping!!

7 posted on 05/09/2017 7:43:19 AM PDT by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
[ Post Reply | Private Reply | To 2 | View Replies]

To: TechJunkYard

I’ve read the fix for Linux should be available in a few days.


8 posted on 05/09/2017 8:00:53 AM PDT by Dalberg-Acton
[ Post Reply | Private Reply | To 5 | View Replies]

To: CutePuppy

More info:
https://arstechnica.com/security/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/


9 posted on 05/09/2017 8:28:38 AM PDT by TexasGator
[ Post Reply | Private Reply | To 1 | View Replies]

To: CutePuppy

Bkmk


10 posted on 05/10/2017 7:33:41 AM PDT by sauropod (I am His and He is Mine)
[ Post Reply | Private Reply | To 1 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson