6 Replies Latest reply on Jun 21, 2017 7:13 PM by michael_a_intel

    Not able to unprovision AMT via bios or using ACUConfigure.exe

    Kabi

      Hi,

       

      As recently identified vulnerability issue with AMT vPro machines, I was trying to unprovision AMT using the "ACUConfigure.exe unconfigure", but fails because LMS service is not there in those machines, and tried doing unprovisioning it via BIOS but on all those machines default password 'admin' is not working, and in one machine I am getting "MEBx Login Error - Error applying new password", when it prompts for changing the password.

       

      Here's the situation

      - Machines which is AMT provisioned (Provision State=2), does not have LMS service, so when I run "ACUConfigure.exe unconfigure", it fails because of missing LMS service.

      - On machines having LMS service, AMT provision state is not 2.

      - Most of the machines having AMT provision state 2 are "DT research BU590", since "ACUConfigure.exe unconfigure" is not working, as LMS service is missing, tried unprovisioning it via BIOS, but default password is not working.

      - One machine - Thinkpad 460 with provision state 2, getting error while trying to change the password.

       

      Please let me know, how to unprovision AMT and remove / uninstall LMS.

       

      Also please confirm, if Provision state is 0, then it is unprovisioned.

       

      Thanks

      Kabilan

        • 1. Re: Not able to unprovision AMT via bios or using ACUConfigure.exe
          michael_a_intel

          Kabi

          Hi Kabilan,

           

          Please try using the Unprovisioning tool located here:

           

          https://downloadcenter.intel.com/download/26781/Intel-SA-00075-Unprovisioning-Tool

           

          Let us know if this works for you.


          Regards,

          Michael

          1 of 1 people found this helpful
          • 2. Re: Not able to unprovision AMT via bios or using ACUConfigure.exe
            MichaelLambert

            I have the same issue as Kabilan.  I tried running the Unprovisioning Tool.  I first ran the Discovery Tool on a machine and the Risk\Exposure status was 'Vulnerable\Exposed'.  I then ran the Unprovisioning Tool and received a successfully unprovisioned message.  I rebooted the computer and re-ran the Discovery Tool expecting to see that the computer was 'Not Vulnerable\Not Exposed' but it was still showing 'Vulnerable\Exposed'.  I've included the log messages from these tools, any ideas?

             

            Initial Discovery Tool Results:

            <System>

             

            <Application_Name>INTEL-SA-00075 Discovery Tool</Application_Name>

             

             

            <Application_Version>1.0.1.39</Application_Version>

             

             

            <Computer_Name>WCALABASL1</Computer_Name>

             

             

            <Scan_Date>5/26/2017 10:24:41 AM</Scan_Date>

             

             

            - <Hardware_Inventory>

             

             

            <Computer_Manufacturer>Hewlett-Packard</Computer_Manufacturer>

             

             

            <Computer_Model>HP rp5800</Computer_Model>

             

             

            <Processor>Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz</Processor>

             

            </Hardware_Inventory>

             

            - <ME_Firmware_Information>

             

             

            <ME_Version>7.1.52.1176</ME_Version>

             

             

            <ME_SKU>Intel(R) Standard Manageability</ME_SKU>

             

             

            <ME_Provisioning_State>Provisioned</ME_Provisioning_State>

             

             

            <ME_Driver_Installed>True</ME_Driver_Installed>

             

             

            <ME_EHBC_Enabled>False</ME_EHBC_Enabled>

             

             

            <LMS_State>Running</LMS_State>

             

             

            <MicroLMS_State>NotPresent</MicroLMS_State>

             

             

            <Control_Mode>Admin</Control_Mode>

             

             

            <Is_CCM_Disabled>False</Is_CCM_Disabled>

             

            </ME_Firmware_Information>

             

            - <System_Status>

             

             

            <System_Risk>Vulnerable</System_Risk>

             

             

            <System_Exposure>Exposed</System_Exposure>

             

            </System_Status>

            </System>

             

            Unprovisioning Tool Results:

            1:23:54 PM - INTEL-SA-00075 Unprovisioning Tool version 1.0.0.0025.

            1:23:54 PM -

            1:23:54 PM - Connecting to LMS....

            1:23:54 PM - Current Provisioning State: POST

            1:23:54 PM - Current Provisioning Mode: ACM

            1:23:54 PM - Available Modes: ACM, CCM

            1:23:54 PM -

            1:23:54 PM - Trying to unprovision.

            1:23:54 PM - Successfully unprovisioned.

            1:23:54 PM -

            1:23:54 PM - Done.

             

            2nd Discovery Tool Results:

            <System>

             

            <Application_Name>INTEL-SA-00075 Discovery Tool</Application_Name>

             

             

            <Application_Version>1.0.1.39</Application_Version>

             

             

            <Computer_Name>WCALABASL1</Computer_Name>

             

             

            <Scan_Date>5/30/2017 8:25:52 AM</Scan_Date>

             

             

            - <Hardware_Inventory>

             

             

            <Computer_Manufacturer>Hewlett-Packard</Computer_Manufacturer>

             

             

            <Computer_Model>HP rp5800</Computer_Model>

             

             

            <Processor>Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz</Processor>

             

            </Hardware_Inventory>

             

            - <ME_Firmware_Information>

             

             

            <ME_Version>7.1.52.1176</ME_Version>

             

             

            <ME_SKU>Intel(R) Standard Manageability</ME_SKU>

             

             

            <ME_Provisioning_State>Not Provisioned</ME_Provisioning_State>

             

             

            <ME_Driver_Installed>True</ME_Driver_Installed>

             

             

            <ME_EHBC_Enabled>False</ME_EHBC_Enabled>

             

             

            <LMS_State>Stopped</LMS_State>

             

             

            <MicroLMS_State>Running</MicroLMS_State>

             

             

            <Control_Mode>None</Control_Mode>

             

             

            <Is_CCM_Disabled>False</Is_CCM_Disabled>

             

            </ME_Firmware_Information>

             

            - <System_Status>

             

             

            <System_Risk>Vulnerable</System_Risk>

             

             

            <System_Exposure>Exposed</System_Exposure>

             

            </System_Status>

            </System>

            • 3. Re: Not able to unprovision AMT via bios or using ACUConfigure.exe
              michael_a_intel

              MichaelLambert

               

              I can see where you would be concerned with the results of running the discovery tool.  I've checked your system to see if it is vPro enabled and it is not.  Without vPro, there is no AMT and hence, you are not exposed to this vulnerability:

               

              Intel® Core™ i3-2120 Processor (3M Cache, 3.30 GHz) Product Specifications

               


              Regards,

              Michael

              • 4. Re: Not able to unprovision AMT via bios or using ACUConfigure.exe
                michael_a_intel

                Kabi

                Hi Kabi,

                 

                Apologies, my response was incomplete...to answer your question about provision state = 0.  This is "not provisioned"

                 

                Regards,

                Michael

                • 5. Re: Not able to unprovision AMT via bios or using ACUConfigure.exe
                  Kabi

                  Thanks for the reply, Unprovisioning tool works, but it needs user interaction, do you have an enterprise wide solution.

                   

                  And how to prevent AMT provisioning?, does AMT provisioning state switch from 0 to 2 automatically or under any specific circumstance?,

                   

                  If a machine having LMS service but AMT is unprovisioned, is it vulnerable?

                   

                  Thanks

                  Kabilan

                  • 6. Re: Not able to unprovision AMT via bios or using ACUConfigure.exe
                    michael_a_intel

                    Kabi

                     

                    Hi Kabilan,


                    I know this response is very late.  I seem to have missed this one and I apologize.

                     

                    Download INTEL-SA-00075 Detection and Mitigation Tool

                     

                    The latest version has a silent installation option.  You can see the syntax on page 3 of the .pdf included in the download.

                     

                    And how to prevent AMT provisioning?, does AMT provisioning state switch from 0 to 2 automatically or under any specific circumstance?,

                    AMT provisioning does not switch state automatically.

                     

                    If a machine having LMS service but AMT is unprovisioned, is it vulnerable?

                    The vulnerability on the system will not be fixed until the firmware has been updated.

                     

                    Regards,

                    Michael