After installing the AMD Chipset Drivers on Windows 7 x64 for my new Ryzen 7 1700 / MSI X370 / 32 GB RAM build last week, I started getting firewall warnings about incoming connections to local port 8732 on my PC. After some digging, I found out that the port is opened by the tbaseprovisioning service.
The tbaseprovisioning service doesn't have any description besides "Copyright 2013-2014 AMD" (???), and it was installed with the AMD PSP 3.0 Device driver from: AMD Chipset Drivers Folder\Packages\Drivers\AMD PSP\
From what I have seen there, it has a tbaseprovisioning.exe.config that specifies an address that is accessible locally, and remotely if localhost is changed to my PC's IP address (I've attached a screenshot of the firewall warning after giving the web address to a friend):
    <baseAddresses>
      <add baseAddress="http://localhost:8732/Design_Time_Addresses/RootPA/Service1/" />
    </baseAddresses>
and also a strange behavior, CustomerDeskOperationsBehavior, which to me looks like spyware, a keylogger, etc. from the name:
    <behavior name="CustomerDeskOperationsBehavior">
      <serviceMetadata httpGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
This looks like the discovered Intel remote execution backdoor.
UPDATE 27.05.2017: Used a DigitalOcean Linux droplet to access the service on my Windows PC.
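
An added example, not part of the original post and not AMD's code: a Python audit of a WCF .exe.config for the settings quoted in the post (base address, metadata over HTTP GET, exception detail in faults). The wrapper XML, the service name and the finding codes are constructed for illustration; only the baseAddress and behavior fragments come from the post.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed wrapper and service name; only the <add baseAddress=...> and
# <behavior> fragments are taken from the post.
SAMPLE_CONFIG = """<configuration><system.serviceModel>
 <services><service name="ConstructedService"
                    behaviorConfiguration="CustomerDeskOperationsBehavior">
  <host><baseAddresses>
   <add baseAddress="http://localhost:8732/Design_Time_Addresses/RootPA/Service1/" />
  </baseAddresses></host></service></services>
 <behaviors><serviceBehaviors>
  <behavior name="CustomerDeskOperationsBehavior">
   <serviceMetadata httpGetEnabled="true" />
   <serviceDebug includeExceptionDetailInFaults="true" />
  </behavior></serviceBehaviors></behaviors>
</system.serviceModel></configuration>"""

def is_true(elem, attr):
    return elem is not None and elem.get(attr, "").strip().lower() == "true"

def audit_wcf_config(xml_text):
    """Return (code, detail) findings for one WCF .exe.config document."""
    root, findings = ET.fromstring(xml_text), []
    for add in root.iter("add"):
        addr = add.get("baseAddress")
        if not addr:
            continue
        url = urlsplit(addr)
        findings.append(("LISTENER", f"{url.scheme} port {url.port} path {url.path}"))
        # WCF HTTP bindings default to hostNameComparisonMode=StrongWildcard, so
        # a "localhost" host name here does not by itself keep remote peers out.
        if url.scheme in ("http", "https") and url.hostname == "localhost":
            findings.append(("HOST_NOT_A_BOUNDARY", addr))
        # Design_Time_Addresses is the Visual Studio WCF template default path.
        if "/Design_Time_Addresses/" in url.path:
            findings.append(("TEMPLATE_ADDRESS", url.path))
    for beh in root.iter("behavior"):
        name = beh.get("name", "(unnamed)")
        if is_true(beh.find("serviceMetadata"), "httpGetEnabled"):
            findings.append(("METADATA_OVER_HTTP_GET", name))  # WSDL served to any caller
        if is_true(beh.find("serviceDebug"), "includeExceptionDetailInFaults"):
            findings.append(("EXCEPTION_DETAIL_IN_FAULTS", name))  # stack traces in faults
    return findings

if __name__ == "__main__":
    for code, detail in audit_wcf_config(SAMPLE_CONFIG):
        print(f"{code:28} {detail}")
```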