Tool to disable Intel AMT on Windows. Runs on both x86 and x64 Windows operating systems. Download:
On 02 May 2017, Embedi discovered "an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products".
Emedi has also released a technical paper about their discovery: Silent Bob is Silent (PDF)
Assigned CVE: CVE-2017-5689
Your machine may be vulnerable to hackers.
If you see any of these stickers or badges on your laptop, notebook or desktop, you are likely affected by this:
Additionally, Intel AMT does run on non-vPro based processors in some cases with reduced functionality, called Standard Manageability. The tool presented here does not differentiate between processor types. This means it can also disable AMT on your machine, regardless of processor.
You may want to read: How To Find Intel® vPro™ Technology Based PCs
Simple. Download and run DisableAMT.exe, and it will do the work for you. This is based on the instructions provided by the INTEL-SA-00075 Mitigation Guide
When executing the tool, it will run quickly and when done, will present you with the following screen:
Type Y or N if you would also like to automatically disable (by renaming) the actual LMS.exe (Intel Local Management Service) binary. When finished, a logfile will open up. Reboot your machine at this point.
There is also a short video guide avilable by MajorGeeks here. That's all! Simple!
The tool is written in batch, and has the necessary components inside to unconfigure AMT. The batch file was compiled to an executable using the free version of Quick Batch File Compiler, and subsequently packed with UPX to reduce filesize. Additionally, ACUConfig.exe and ACU.dll from Intel's Setup and Configuration Software package is included. You may find all these files in the sources folder.
Please find hashes below:
| Filename | MD5 | SHA1 | SHA256 |
|---|---|---|---|
| DisableAMT.exe | fd1e986ba3376c161cdfaf5f5b1ae5fd | e81f58bf35f64067aa359bcbf1bbbe5305d6b13b | 837303761c87f3e8f3bfb3f5cb2eef16679a688df5781dc446300717f42a481f |
| DisableAMT.zip | 7876752e29178a85beae1e5a0b636faa | 89a2a64066c127c4f8fbdbf7ad946b59beaf4009 | 796e63854aaf3630cdfff642dc7f18fa4a32097737da45b0a5b83fb0a15fd72a |
| ACUConfig.exe | 4117b39f1e6b599f758d59f34dc7642c | 7595bc7a97e7ddab65f210775e465aa6a87df4fd | 475e242953ab8e667aa607a4a7966433f111f8adbb3f88d8b21052b4c38088f7 |
| ACU.dll | a98f9acb2059eff917b13aa7c1158150 | d869310f28fce485da0c099f7df349c82a005f30 | c569d9ce5024bb5b430bab696f2d276cfdc068018a84703b48e6d74a13dadfd7 |
No.
Probably. Best way to mitigate, is to update your firmware. See for a list of vendors affected here, or see below.
HP Inc. - http://www8.hp.com/us/en/intelmanageabilityissue.html
HP Enterprise - http://h22208.www2.hpe.com/eginfolib/securityalerts/CVE-2017-5689-Intel/CVE-2017-5689.html
Lenovo - https://support.lenovo.com/us/en/product_security/LEN-14963
Fujitsu - http://support.ts.fujitsu.com/content/Intel_Firmware.asp
Dell Client - http://en.community.dell.com/techcenter/extras/m/white_papers/20443914
Dell EMC - http://en.community.dell.com/techcenter/extras/m/white_papers/20443937
Acer - https://us.answers.acer.com/app/answers/detail/a_id/47162
Asus - https://www.asus.com/News/uztEkib4zFMHCn5r
Panasonic - http://pc-dl.panasonic.co.jp/itn/info/osinfo20170512.html
Intel – NUC, Compute Stick and Desktop Boards.
wikiHow on how to update your computer's BIOS