A researcher from F-Secure recently found a flaw in Intel’s Active Management Technology (AMT) which can allow an attacker to bypass security measures such as BIOS passwords, BitLocker credentials, and TPM pins.
The security bug can be used by attackers to gain access to corporate computers provisioned with Intel AMT, which is a CPU feature that allows system admins to perform remote out-of-band management without needing physical access to the device.
The researcher, Harry Sintonen said that the attacker can select the Intel Management Engine BIOS Extension (MEBx) for the boot-up routine, to bypass any previous BIOS, BitLocker, or TPM logins. Sintonen added that in most cases, “admin” would be the default MEBx password, which most companies do not bother to change.
Source: Bleeping Computer