I could be wrong and would love to be corrected if I am).EDIT: I've just verified that my statement about physical access is accurate.I have two systems on my domain and have configured Intel AMT with SCS.However I had need to change the Host Name on both systems and afterwards the SCS database is not getting updated correctly after a maintenance Task.I don't have an Intel board, so I am hoping someone who does has tried the upgrade and can confirm or deny this post. addition, it appears that the Intel Windows BIOS update package is an all-in-one update, i.e.
If that's not possible, then enforce access rights so that a nefarious entity cannot glide in and use the USB ports without authorization.
I am trying to determine the process for updating the BIOS on an Intel board with AMT, i.e. Referring to the following link, it appears that the only method for updating the BIOS and retainingsettings on an AMT provisioned system is to use the Windows update procedure with the user/pass switch.
No other BIOS update method, including DOS based, will allow you to retain AMT settings, correct?
Thus, the vulnerability is closed, even if the computer has a firmware version that is affected by it.
This vulnerability is consistent with your question that if you enable it on the BIOS, then you open the vulnerability. AMT vulnerability is present on enterprise class PCs and servers only; that use this technology, i.e., not all PCs have this feature.