Security researchers say exploiting the vulnerability requires little technical
expertise, and can result in a hacker taking full control of an affected PC.
A vulnerability in Intel chips that went undiscovered for almost a decade allows
hackers to remotely gain full control over affected Windows PCs without needing a
The “critical”-rated bug, disclosed by Intel last week, lies in a feature of Intel’s
Active Management Technology (more commonly known as just AMT), which allows IT
administrators to remotely carry out maintenance and other tasks on entire fleets of
computers as if they were there in person, like software updates and wiping hard
drives. AMT also allows the administrator to remotely control the computer’s keyboard
and mouse, even if the PC is powered off.
To make life easier, AMT was also made available through the web browser —
accessible even when the remote PC is asleep — that’s protected by a password set by
The problem is that a hacker can enter a blank password and still get into the web
console, according to independent technical rundowns of the flaw by two security
Embedi researchers, credited with finding the bug, explained in a whitepaper posted
Friday that a flaw in how the default “admin” account for the web interface processes
the user’s passwords effectively lets anyone log in by entering nothing at the log-on
“No doubt it’s just a programmer’s mistake, but here it is: keep silence when
challenged and you’re in,” said the researchers.
Tenable researchers confirmed the findings in a detailed analysis of the flaw, also
posted Friday, saying it was relatively easy to remotely exploit.
Intel’s advisory said that systems — including desktops, laptops, and servers —
dating back as early as 2010 and 2011 and running firmware 6.0 and later are affected
by the flaw.
But Embedi warned that any affected internet-facing device with open ports 16992 and
16993 are at risk. “Access to ports 16992/16993 are the only requirement to perform a
successful attack,” said the Embedi researchers.
Since the disclosure, monitors have seen a spike in probing activity on the two
Intel so far hasn’t said how many devices are affected.
However, a search on Shodan, the search engine for open ports and databases, shows
more than 8,500 devices are vulnerable at the time of writing, with almost 3,000 in
the US alone — but there could be thousands more devices at risk on internal
In a statement, Intel said that it’s working with its hardware partners to address
the problem, and “expect[s] computer-makers to make updates available beginning the
week of May 8 and continuing thereafter.”
So far, Dell, Fujitsu, HP, and Lenovo have all issued security advisories and
guidance on when they will roll out fixes to their customers. Consumer devices aren’t
affected by the bug.
The chipmaker has also published a discovery tool to determine if machines are