A critical vulnerability in its chips Intel που ανακαλύφθηκε πριν από σχεδόν μια δεκαετία επιτρέπει στους hackers να αποκτήσουν τον πλήρη έλεγχο computers Windows που επηρεάζονται χωρίς να χρειάζονται κωδικό accesss.
The vulnerability revealed by Intel and marked as critical last week is Intel's Active Management feature (also known as AMT), which allows administrators to remotely run computers.
AMT also allows the administrator to remotely control the keyboard and the computer mouse, even if the computer is turned off.
AMT is also accessible through the browser even when the remote computer is on Sleep. Προστατεύεται δε από έναν κωδικό access set by the administrator.
The problem is that one hacker μπορεί να εισάγει έναν κενό κωδικό πρόσβασης και να αποκτήσει πλήρη δικαιώματα στην console web, according to independent technical analyzes by two security research labs.
Embedi researchers, who found the error, explained one white paper who posted on Friday that the flaw exists because the default “admin” account for the web interface can log in without the codeof user access.
Intel has so far not mentioned how many systems are affected.
However, one search on Shodan, the open port search engine and database, shows that more than 8.500 devices are currently vulnerable, with 3.000 in the US alone. But there could be thousands of other compromised devices on internal networks.
In a statement, Intel said it was working with partners to address the issue and "expects officials to make updates available from the beginning of the week on May 8."
So far, the DellThe FujitsuThe HP, And the Lenovo have issued tips security with instructions on when they will fix the vulnerability. Consumer devices are not affected by the bug.
Intel also published one tracking tool to determine if your systems are affected.