Recently, a new potentially dangerous vulnerability was discovered in Intel processors that targets business class systems. This vulnerability even affects machines that are not running.
The flaw was found in Intel vPro processors and affects the Active Management Technology or AMT. This feature of Machines allows IT administrators to remotely carry out maintenance and other tasks on the computers.
TO give more powers to IT administrators, AMT was made available through a browser and was even accessible when remote PC is asleep. Intel designed AMT to ask for the password before allowing remote access via a browser.
These are the primary tasks one can do:
- Remote control of mouse/keyboard/monitor
- Remotely change the boot device
- Power on and off as well as reboot and reset the computer
The existing flaw allows attackers to use any text string to bypass the authentication requirement. So, a hacker can easily bypass authentication and utilize the same capabilities available in AMT. For the successful attack, the only requirement is the access to ports 16992/16993
Intel’s advisory confirmed that systems dating back 2010 and 2011 and running on firmware 6.0 and later are affected by the flaw. It shows that the systems were at risk for around seven years. Intel didn’t confirm how many devices are affected, but it was reported that around 8500 devices are vulnerable.
Intel itself rated this as highly critical vulnerability and released the new firmware versions. Intel confirmed that PC manufacturers will release the patch within a week for affected systems. Dell, Fujitsu, HP, and Lenovo have all issued security advisories and have issued the guidance on when they will release the fix.
Consumer devices are not affected by this flaw. If you are worried to know whether your system is affected, you can use the Intel’s discovery tool.
