Most people don’t realize that many PCs ship with essentially a second computer on their motherboard. In the case of Intel machines, it’s called the Intel Management Engine. It was put there to make lives easier on computer administrators who have to manage and maintain thousands of systems on a network.
The problem being that it’s literally its own subsystem, complete with its own processor and software that runs outside of the main processor and OS. So all that fancy anti-virus and security software you installed does zilch. Hell, you can power off your machine and they can still attack it through the Management Engine so long as it’s plugged in. And the Management Engine depends on software written by Intel, which, as we’ve seen in the past, hasn’t taken security or software seriously.
They’ve already had one or two big security holes exposed this year, which were hastily patched, but now they’re going back to apply more bandaids.
Of course, the issue is that the vast majority of users have no idea about this, that they need to patch it, or how to patch it. And, like Android phone manufacturers, each OEM will have to issue out their own firmware updates to patch their respective machines.