[MichaelGG]

Sure but they'd be affected regardless, due to enabling a remote management system. All I'm asking is if there's any real damage because this is built in by Intel. If Intel didn't ship this, then OEMs would, just like e.g. Dell DRAC, right? And that'd have the same attack surface.

[Crespyl]

I'm not familiar with DRAC, but if it's something added by an OEM wouldn't it have to be in the UEFI/BIOS layer or higher?

AMT/ME and its ilk are a physical coprocessor built into the CPU, whether it's "enabled" or not, not something that can be added or removed after the fact.

[qb45]

For now it's just that, remote management authentication bypass. Whether the ability to power up your machine at night and install Windows Millenium Edition for the lulz qualifies as "real damage" is up to you I guess :)

Anyway, you can't do anything Intel's management software doesn't normally support because this would require gaining arbitrary code execution on the ME and it's not what this exploit is about.

[AnimalMuppet]

But, IIUC, this has more power once exploited.