Intel has just patched a critical vulnerability in its vPro processors , and worryingly this flaw has existed for no less than seven years. It can also affect machines that aren’t even running.
The flaw, which exists in Intel vPro processors, affects the Active Management Technology, or AMT, feature. AMT lets administrators manage machines via remote connections, and the vulnerability allows attackers to bypass authentication and utilize the same capabilities, as Ars Technica reports.
The average user needn’t worry about this, as it doesn’t affect Intel’s CPUs aimed at consumers, but business users with PCs or servers running vPro processors and utilising Intel’s AMT service have apparently been open to exploit for the best part of a decade.
Intel said the problem affected Intel’s manageability firmware from version 6.x through to 11.6, but not versions before or after these.
Intel indicated in a blog post that PC manufacturers should be releasing patches for affected systems within the week. It also posts a tool to locate and diagnose vulnerable systems. Fujitsu, HP, and Lenovo have provided information on their own affected systems. So far, the Shodan security search engine has located more than 8,500 machines that are vulnerable to attack.