from Hacker News

Intel vPro CPUs have a web server open

by pixiemaster on 7/23/24, 9:06 AM with 23 comments

  • by kllrnohj on 7/23/24, 12:59 PM

    This is literally an above-the-fold advertised feature of vPro:

    > Remote Manageability

    > Remotely power up, update, and repair PCs outside of the firewall, even if they’re out-of-band1, to help your users from virtually anywhere.

    https://www.intel.com/content/www/us/en/now/itheroes.html

    > With features like hardware-level remote keyboard, video, and mouse control (KVM)1 3 Intel AMT allows you to discover, repair, and help protect networked computing assets as easily as if working in person.

    https://www.intel.com/content/www/us/en/architecture-and-tec...

    Morale of the story here seems to be to actually bother to spend 5 seconds figuring out what you bought?

  • by jstanley on 7/23/24, 12:52 PM

    But if it's on localhost, how does the management engine get a chance to reply?

    Are you sure you're not actually talking to some Windows service?

    EDIT: From reading further in the Twitter thread, it is indeed a Windows service you're talking to.

  • by kstenerud on 7/23/24, 1:05 PM

    Yup. I used that feature for many years to remote manage a file server at my folks place. Works great! Just don't expose it directly to the outside world.

    Nowadays I'd probably turn it off and use pikvm instead, though.

  • by ram_rattle on 7/23/24, 12:47 PM

    can someone help understand why this is there and perhaps what threat it introduces.

  • by oefrha on 7/23/24, 1:05 PM

    No shit, AMT is literally the point of vPro. Why present it as some sort of conspiracy? Don’t buy enterprise hardware if you don’t like the enterprise features, I guess.