
(Update 2 May): Fellow Incident Handler Adrien pulled this screenshot, which is up on a default workstation install.

Intel's mitigation guide [2] is a detailed document on removing the supporting code in Windows by disabling or removing the affected service, either from the command line or in Group Policy.

Go back to the Critical Controls (https:// - get a good, complete hardware inventory together, and get a good software inventory - know what's in your organization and on your network, and know what's running on that gear.

Let's look with curl, and we'll see that a simple connect / get gives up the AMT version.

This is a great way to verify your patch (or disable) progress over the network, but it is also a good way for an attacker to find a pivot host.

You'll also see below that an unmanaged but vPro-equipped Windows machine will likely show some of the markers for this issue.

If this issue could be leveraged to compromise unmanaged but vPro-equipped desktops, laptops and other equipment, this could get very bad, very quickly (or worse than it is now anyway).
