A critical vulnerability in Intel chips discovered nearly a decade ago allows hackers to gain full control of affected Windows computers without needing a password.
The vulnerability disclosed by Intel and classified as critical last week lies in the feature Intel's Active Management (also known as AMT), which allows administrators to remotely perform maintenance on computers.
AMT also allows the administrator to remotely control the keyboard and mouse of the computer, even if the computer is off.
AMT is also accessible through the browser even when the remote computer is in sleep mode. It is protected by a password set by Admin.
The problem is that one hacker μπορεί να εισάγει έναν κενό κωδικό πρόσβασης και να αποκτήσει πλήρη δικαιώματα στην κονσόλα ιστού, σύμφωνα με ανεξάρτητες τεχνικές αναλύσεις από δύο εργαστήρια έρευνας ασφαλείας.
Embedi researchers, who found the error, explained one white paper who posted on Friday that the flaw exists because the default “admin” account for the interface web can be connected without the user's passwords.
Intel has so far not mentioned how many systems are affected.
However, a search on Shodan, the search engine for open ports and databases, shows that more than 8.500 devices are vulnerable at this time, with 3.000 only in the US. But there could be thousands of other devices at risk on internal networks.
In a statement, Intel said it was working with partners to address the issue and "expects officials to make updates available from the beginning of the week on May 8."
So far, the DellThe FujitsuThe HP, And the Lenovo have issued safety tips with instructions on when to fix the vulnerability. Consumer devices are not affected by the error.
Intel also published one tracking tool to determine if your systems are affected.