Hackers may be able to use Intel's Active Management Technology (AMT) to bypass Windows' built-in firewall, rendering it completely useless in detecting malware and ransomware.
AMT allows remote access to networks or computers, enabling administrators to easily install programs, such as an operating system, on a remote computer. A hacking group known as PLATINUM has reportedly figured out how to use AMT's low-level firmware to inject potential malware into Windows systems.
Reacting to the discovery, Microsoft said: "We have shared information with Intel, and the two companies collaborated to analyse and better understand the purpose and implementation of the tool. The tool did not expose vulnerabilities in the management technology itself, but rather misused AMT SOL within target networks... to keep communication stealthy and evade security applications."
As of now, only a handful of computers within organisational networks in Southeast Asia have been targeted by the tool. However, the hacker group is known to modify its hacking tools based on the network architecture of targeted organisations, indicating it could hit many more systems.
For the attack to take place, AMT has to be enabled to connect to the remote network, so if it is switched off, there is no way hackers can exploit it. Microsoft says Windows Defender Advanced Threat Protection is enough to detect such malicious injections and reiterates that the PLATINUM tool does not expose flaws in Intel's AMT, but is used within an already compromised network to evade security monitoring tools.