Skip to main content

Intel AMT firmware suffers security flaw even when machines are off

8th gen intel core launch
Image used with permission by copyright holder
Another security vulnerability has been revealed that poses a significant risk for a number of PCs running Intel chipsets or processors. This one’s a bit different — and potentially more dangerous — than many other vulnerabilities in that it targets business-class systems in particular. It can also affect machines that aren’t even running.

The flaw, which exists in certain Intel chipset firmware versions utilized by some systems with vPro processors, affects the Active Management Technology, or AMT, feature. AMT lets administrators manage machines via remote connections, and the vulnerability allows attackers to bypass authentication and utilize the same capabilities, Ars Technica reports.

Recommended Videos

AMT is a part of the remote access features of some systems that allow remote access to a machine even when it’s shut down. As long as such a machine has power, it can by design be accessed with all the intended remote capabilities enabled.

Please enable Javascript to view this content

Intel designed AMT to demand a password before allowing remote access via web browser. Unfortunately, the flaw allows attackers to bypass the AMT system’s usual authentication requirement. Tenable Network Security, which has created what it characterizes as the first Intel AMT vulnerability detection capability, describes the flaw as follows:

” … we reduced the response hash to one hex digit and authentication still worked. Continuing to dig, we used a NULL/empty response hash (response=”” in the HTTP Authorization header). Authentication still worked. We had discovered a complete bypass of the authentication scheme.”

As Ars Technica points out, the issue is made even worse by the AMT feature’s design, in which network traffic is passed through the Intel Management Engine and to the AMT, bypassing the operating system. That means that there’s no record of unauthorized access.

Intel indicated in a blog post that PC manufacturers should be releasing patches for affected systems within the week. It also posts a tool to locate and diagnose vulnerable systems. Fujitsu, HP, and Lenovo have provided information on their own affected systems. So far, the Shodan security search engine has located more than 8,500 machines that are vulnerable to attack.

Updated on 5-10-2017 by Mark Coppock: Clarified that the flaw exists in certain chipset firmware and not inherent in Intel vPro processors and removed the incorrect reference to any empty text field being able to bypass AMT authentication.

Mark Coppock
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
Apple’s upcoming Studio Display could mean worrying news for pro users
A person uses an Apple Mac Pro alongside three monitors and an editing console in a darkened room.

Just a few days ago, we found out that Apple is working on a new Studio Display with a mini-LED screen. Now, that idea seems to be confirmed, with highly accurate Bloomberg reporter Mark Gurman stating that this monitor should launch “by 2026.”

The Studio Display first saw the light of day in 2022, meaning there’s been a lengthy wait for updates. But that delay just highlights the problems with an even older Apple monitor: 2019’s Pro Display XDR.

Read more
Nvidia RTX 5080 vs. RTX 4080 Super
Fans on the RTX 5080.

The RTX 5080 didn't blow us away in our testing, but there's no denying that it's the second fast graphics card in the world, behind Nvidia's ludicrously-priced RTX 5090 halo card. Still, if you are sitting on a last-generation RTX 4080 Super, or found one at a good price second hand and are weighing up the pros and cons, it's useful to know how these cards compare.

So, let's take a look at the RTX 5080 and RTX 4080 Super, to see how the measure up.

Read more
Nvidia to expand RTX 50-series with more GPUs for budget gamers
Side view of the RTX 4060

Recent filings with the Eurasian Economic Commission (EEC) by popular GPU manufacturer Zotac (spotted by @harukaze5719 on X), have unveiled potential new additions to Nvidia's RTX 50-series lineup - the RTX 5050, RTX 5060, and RTX 5060 Ti. These registrations suggest that Nvidia is preparing to introduce budget-friendly options within its latest GPU series.

The RTX 5050 is particularly noteworthy, as it would mark Nvidia's potential return to the sub-$250 GPU market—a segment it hasn't actively targeted since the RTX 3050. The absence of a 50-class card in the RTX 40-series left a gap that was filled by older RTX 30-series GPUs and offerings from competitors. The introduction of the RTX 5050 could provide an affordable entry point for gamers seeking to leverage Nvidia’s latest technologies without a significant financial outlay.

Read more