There is an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products. This vulnerability does not exist on Intel-based consumer PCs.
Intel has released some recommendations on the vulnerability.
You can use BigFix content to apply the mitigation to this vulnerability.
The complete steps are listed here:
Thanks for the fix… however, it still fails with
Invalid action content: the action script contains a syntax error.
Failed parameter "LMSpath" = "{following text of first "%22" of first match (regex "%22(.*LMS.exe)") of (value "ImagePath" of it as string ) of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LMS" of native registry}"
//Disable LMS
waithidden cmd.exe /C sc config LMS start=disabled
//Remove LMS
waithidden cmd.exe /C sc delete LMS
//Delete LMS.exe
continue if {(exists file (parameter "LMSpath" of action)) and ((parameter "LMSpath" of action) ends with "LMS.exe" )}
waithidden cmd.exe /c del /f "{parameter "LMSpath"}"
action requires restart
I suspect the { which may be needed for the debugger but not the client… Taking the { and } out from the 1st line allows the action script to proceed till it fails right at the end
Failed continue if {(exists file (parameter "LMSpath" of action)) and ((parameter "LMSpath" of action) ends with "LMS.exe" )}
waithidden cmd.exe /c del /f "{parameter "LMSpath"}"
Is that likely to be the { again?
Could you please help to run the following script in Q&A from the failed client and let us know the result so that we can investigate the cause of the syntax error?
Q: following text of first "%22" of first match (regex "%22(.*LMS.exe)") of (value "ImagePath" of it as string ) of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LMS" of native registry
Q: (value "ImagePath" of it as string ) of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LMS" of native registry
Q: (concatenations of substrings separated by "%00" of (value "ImagePath" of key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LMS" of native registry as string))
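An added illustration, not code from this thread or from BigFix: the Python sketch below emulates the LMSpath relevance expression and the "continue if" string check over constructed ImagePath values, showing which value shapes yield a path and which leave the parameter with no result. It assumes the regex is unanchored, greedy and case-sensitive; the function names and sample values are hypothetical.

```python
import re

# Stand-in for the thread's relevance expression ("%22" is a double quote):
#   following text of first "%22" of first match (regex "%22(.*LMS.exe)") of <ImagePath>
# Assumptions: the regex is unanchored, greedy and case-sensitive.
LMS_REGEX = re.compile(r'"(.*LMS.exe)')


def strip_nuls(value):
    """Like: concatenations of substrings separated by "%00" of <value>."""
    return "".join(value.split("\x00"))


def lms_path(image_path):
    """Path the expression would yield, or None where it has no result."""
    match = LMS_REGEX.search(image_path)
    if match is None:
        return None  # nothing to substitute into the LMSpath parameter
    whole = match.group(0)
    return whole[whole.index('"') + 1:]  # text after the first double quote


def passes_guard(path):
    """String half of the script's 'continue if' (the file-exists half is omitted)."""
    return path is not None and path.endswith("LMS.exe")


# Constructed ImagePath values, not taken from any real endpoint.
SAMPLES = {
    "quoted": r'"C:\Program Files (x86)\Intel\LMS\LMS.exe"',
    "quoted_with_args": r'"C:\Intel\LMS\LMS.exe" -service',
    "unquoted": r"C:\Intel\LMS\LMS.exe",
    "lowercase": r'"C:\Intel\LMS\lms.exe"',
    "trailing_nul": '"C:\\Intel\\LMS\\LMS.exe"\x00',
}


def diagnose(samples=SAMPLES):
    """Map each sample name to (extracted path, guard result)."""
    results = {}
    for name, raw in samples.items():
        path = lms_path(strip_nuls(raw))
        results[name] = (path, passes_guard(path))
    return results


if __name__ == "__main__":
    for name, (path, ok) in diagnose().items():
        print(f"{name:18} path={path!r} guard={ok}")
```

Comparing the output for a client's real ImagePath value against these shapes shows whether the expression can produce a path at all before the delete step is reached.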