Unlike Meltdown and Spectre, a successful use of this vulnerability (unnamed) requires a physical access device. Harry Sintonen pointed out that this is still a serious defect, because hackers can break a system in less than a minute, and then connect it to the same network to control it remotely.
Even if there are other security measures (including the BIOS password, BitLocker, TPM Pin, or traditional antivirus software), the vulnerability can also be exploited. Sintonen indicates that although BIOS password usually prevents malicious behavior, Intel's AMT opens the door for another kind of attack. Eventually, attackers can access the system remotely.
By selecting Intel management engine BIOS extension (MEBx), they can use the default password "admin" to login, because users are unlikely to change the password. By changing the default password, an agile network crime has effectively destroyed the machine. Now an attacker can access the system remotely,
Full access to the damaged system allows hackers to read and modify data, and deploy malware on devices, though any security solution may be enabled. This kind of attack seems simple, but has unbelievable potential for destruction. In fact, even the most extensive security measures can allow local attackers to fully control personal work laptops.
Intel has not yet responded to the new vulnerability, but security companies suggest that users always carry laptops, set up strong passwords for AMT, and even completely disable this function.