The security hole involves enterprise IT management features in the chipmaker’s firmware Credit: REUTERS/Steve Marcus Intel is reporting a firmware vulnerability that could let attackers take over remote management functions on computers built over nearly the past decade.The vulnerability, disclosed on Monday, affects features in Intel firmware that are designed for enterprise IT management. Enterprises using Intel Active Management Technology, Intel Small Business Technology and Intel Standard Manageability on their systems should patch them as soon as possible, the company says.The vulnerable firmware features can be found in some current Core processors and all the way back to Intel’s first-generation Core, called Nehalem, which shipped in 2008. They’re part of versions 6.0 through 11.6 of Intel’s manageability firmware. No consumer PCs are affected, the company said. Nor are data-center servers running Intel Server Platform Services.Intel Active Management Technology is a feature in Core processors that lets organizations remotely track, manage and secure whole fleets of connected computers. For example, it can be used to monitor and repair retail checkout systems, digital signage and PCs at places like stores, offices and schools.Intel didn’t provide technical details of the vulnerability, but it said a hacker could use the flaw to take over the remote management functions.In an email, Intel said it learned about the vulnerability from a security researcher in March. “We are not aware of any exploitation of this vulnerability,” the company said.Intel said it has prepared a patch and is working with manufacturers to roll it out to users as soon as possible.Intel’s security advisory also lays out steps users can take to find out if they’re affected. For example, PCs built with its vPro technology will have the vulnerable Intel Active Management feature.In addition, the advisory has tips for what to do if there’s no firmware update available from the system manufacturer. Disabling or removing a Windows service called Local Manageability Service can mitigate the vulnerability, Intel said. Let us know what you think, head to our Facebook page. Related content news Baffle releases encryption solution to secure data for generative AI Solution uses the advanced encryption standard algorithm to encrypt sensitive data throughout the generative AI pipeline. By Michael Hill Sep 26, 2023 3 mins Encryption Encryption Encryption news CISOs are struggling to get cybersecurity budgets: Report In the latter part of Q4 2022, many CISOs reported that their approved 2023 budgets were being slashed as part of an overall budget tightening. By Shweta Sharma Sep 26, 2023 4 mins Budget Technology Industry feature What is WorldCoin's proof-of-personhood system? What does the blockchain, AI, and custom hardware system featuring a shiny, eye-scanning orb mean for the future of identity access management? By Matthew Tyson Sep 26, 2023 12 mins Cryptocurrency Authentication Identity Management Solutions opinion Preparing for the post-quantum cryptography environment today It’s a mistake to put off the creation of precautions against quantum threats, no matter how far in the future you might think quantum computing will become a reality. By Christopher Burgess Sep 26, 2023 5 mins CSO and CISO Encryption Threat and Vulnerability Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe