If VPro were in all Xeons then each and every Intel based computer in a DC would be affected. And that's clearly not the case. Also, it is not yet clear - at least to me - whether or not VPro is affected at all but if the ME runs AMT then it definitely is affected.
It’s quite an extensive list, and definitely not "only 2"
Though if that is the case Intel has a much more serious problem on its hand for suggesting that only business desktops and a couple of low end servers are affected.
Well, he was 'SemiAccurate', not accurate so you have all the reason to believe until further notice that VPro is not affected by this bug and claiming different is like shouting 'fire' in a crowded theater. Absent hard proof I don't think you should make such claims. Though I'm sure most sysadmins here would know the difference between a legitimate claim of such magnitude and an inaccurate one.
SemiAccurate got the gist right but lots of the details wrong.
Considering the fact that people claimed a few hours ago AMT would be entirely secure, I think the opposite should hold true right now. Assume everything is vulnerable, unless proven otherwise.
This is standard practice in most of IT, but apparently we ignore it here.
Well, in that case you'd better disconnect from the internet don't you think?
AMT was not claimed to be 'entirely secure' by anybody that mattered as far as I'm aware and Intel is pretty explicit about this vulnerability. It is a bad one because it is a remote exploitable one, but it isn't the first vulnerability either.
> This is standard practice in most of IT, but apparently we ignore it here.
Standard practice is to go on facts, not on conjecture or hype. If VPro rather than AMT is exploitable that would be very big news, far larger than the issue currently being reported. So far I have not seen a shred of evidence for that but who knows, that might change and then it will be a very very long night for a lot of people here. For now though there is no reason to be so alarmist.
Also, I'm kind of done with this discussion, you seem to want to hold on to a rumor on a website calling itself 'semi accurate' which in fact was exactly that and for which I'm grateful to them. But they are not authoritative in any way and you should stop making it seem as if they have the last word on this, if you want to make a point show some proof.
VPro or not doesn't matter, if the ME runs AMT then you might be affected if the version numbers are the ones listed in TFA so that's what you should go on, not just on whether or not you have VPro.
And if you don't need it disable this stuff in your BIOS, no need to enlarge your attack surface without a reason.
I can’t. My BIOS has no option for AMT.
But AMT is running, it’s exposed on the specified port via HTTP.
And this is on a consumer PC, with an i7-6700.