Intel Chip Flaw Lets Hackers Access Windows Devices Remotely (INTC, MSFT)
Intel Corp. (INTC
) the world’s largest supplier of semiconductors used in personal computers, disclosed last week a bug in its chips that let hackers remotely gain control of Windows PCs without the need for a password.In a security blog, Intel said the vulnerability, which went unknown for nearly a decade, resides in Intel’s Active Management Technology feature, otherwise known as AMT, that enables information technology administers to run maintenance, software updates and other tasks remotely on a bunch of computers. With AMT, the IT administrator can control the keyboard and mouse of the computer without having to be in front of it and even if the computer is shutdown. ZDNet said hackers are able to get access to the PCs simply by entering a blank password. ZDNet cited two research firms Emdei and Tenable which both identified the vulnerability in blog posts late last week as well.
In Intel’s advisory, the chip maker said the vulnerability covers desktops, laptops and servers from as early as 2010 and 2011 running firmware verision 6.0 and later. “There is an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products,” Intel wrote. (See also: Google’s Machine Learning Chips Beat Intel and Nvidia)
While it’s Intel’s chips that have the vulnerability, its undoubtedly a headache for Microsoft (MSFT
) since it’s impacting PCs, laptops, and servers running the Windows operating system and comes as researchers are identifying new flaws in Microsoft’s OS. (See more: Microsoft: Users Locked Out of Accounts Tuesday)In April, security researchers identified a new zero-day vulnerability in Microsoft’s Word text-editing application that enables hackers to install malware on unsuspecting victims computers. Zero-day refers to a security vulnerable that has gone unfixed. According to researchers at McAfee, the cybersecurity company, the security hole happens when a victim opens a fake Word document which in turn downloads a malicious HTML application that looks like a Rich Text document. The HTML application runs a script that can be used to install the malware. McAfee said the exploit works on all Microsoft Office versions, including Office 2016 running on Windows 10. The security firm said the earliest attacks on Word were spotted at the end of January.