But once they had re-configured AMT, they could effectively "backdoor" the machine and then access the device remotely, by connecting to the same wireless or wired network as the user, F-Secure said.
He continued: "In practice, it can give an attacker complete control over an individual's work laptop, despite even the most extensive security measures".
The security issue "is nearly deceptively simple to exploit, but it has incredible destructive potential", said Sintonen.
Earlier experts identified a vulnerability in Intel processors that allows attackers to access files and data stored in the kernel's memory.
AMT is maintenance software built into Intel's vPro platform that can be used to remotely manage PCs. In fact, it's one of the first things I would expect an attacker to try, if said person had even a basic concept of what functions like AMT and the Intel Management Engine can be configured to do.
F-Secure said it is highlighting the issue to raise awareness so that organisations can mitigate the problem and improve security in the real world.
For more details, see F-Secure's FAQ on the flaw.
It's starting to look like AMT is not just a headache for consumers (for no good reason, considering they have no use for it) but also a serious issue for enterprise customers.
"Organizations with Microsoft environments and domain connected devices can also take advantage of the System Center Configuration Manager to provision AMT", said F-Secure.
In this case, however, the attacker has a workaround: AMT. This guidance (PDF) was updated and reiterated last November.
How does the attack work?
In short, setting a BIOS password won't help and once someone has access, you can't kick them out.
An attacker would initially need physical access to the device in question.
A BIOS password normally prevents an unauthorized user from making low-level changes to a device.
Adjust the system provisioning process to include setting a strong AMT password, or disabling AMT completely, where possible. Alternatively, disable AMT on the device.
Go through all currently deployed devices and configure the AMT password or disable the functionality altogether. "If the password is already set to an unknown value consider the device suspect and initiate incident response procedure", it says. These enable attackers to bypass both user and BIOS passwords.
"We reached out to Intel last summer". F-Secure has contacted manufacturers about the issue. "We wanted to give ample time for vendors and Intel to implement changes".
Intel AMT is designed to allow administrators to access and update PCs, even if those PCs are turned off.
The exploit is, however, not as bad as Meltdown and Spectre, since it requires physical access to the device, but it is still a critical flaw, as a system could be compromised in a couple of minutes.
Harry Sintonen, a senior security consultant at F-Secure, led the research. In October 2017, Parth Shukla, a security researcher at Google, also detailed the flaws in a Luxembourg conference presentation. A similar vulnerability, related to USB provisioning, was previously uncovered by CERT-Bund.
"Intel has provided recommendations to system manufacturers in September 2015 to protect the Intel MEBx with the system BIOS password", it says.
Intel AMT is shipped in various states (enabled or disabled by default) depending on the laptop/desktop OEM's policy.
These are not the first AMT security problems to have been discovered. The issue exists within Intel's Active Management Technology (AMT) and potentially affects millions of laptops globally.
AMT is no stranger to security weaknesses, with many other researchers finding multiple flaws within the system, but Sintonen's discovery surprised even him.
And more to the point, this is an easily resolved flaw.
Intel pushed a firmware fix to OEMs, which have been releasing updated firmware to users.