Embedded Host Based Configuration (EHBC) feature of Intel AMT Enabled - Lenovo Support NL

**Lenovo Security Advisory:**LEN-44725

**Potential Impact:**Insecure configuration

**Severity:**High

**Scope of Impact:**Lenovo-specific

**CVE Identifier:**CVE-2020-8353

Summary Description:

Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT.

The following products are affected if shipped before August 10, 2020:

• ThinkCentre M80t/s
• ThinkCentre M90t/s
• ThinkCentre M910z
• ThinkCentre M920s/t/q/z
• ThinkStation P330t/s
• ThinkStation P330 Tiny
• ThinkStation P340t/s

Mitigation Strategy for Customers (what you should do to protect yourself):

Use the Intel® AMT Configuration Utility 12.2.0.150 or later to verify the EHBC is enabled.

For this example, the command line interface of the configurator (ACUConfig.exe) is being used and is located in Configurator folder available in the Intel® Setup and Configuration Software (Intel® SCS) Kit in the screenshot below

At command prompt, browse to the directory where the ACUconfig.exe is located and type:

ACUConfig.exe /verbose /output console Status

To disable Intel EHBC:

ACUConfig.exe DisableEhbcState

References:

ACU config tool: <https://downloadcenter.intel.com/downloads/eula/26505/Intel-Setup-and-Configuration-Software-Intel-SCS-?httpDown=https%3A%2F%2Fdownloadmirror.intel.com%2F26505%2Feng%2FSCS_download_package_12.2.0.150.zip&gt;

Revision History:

For a complete list of all Lenovo Product Security Advisories, click here.

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.