Hello all, -hope this is the correct place for my SA-00075-related questions.
I got my new used laptop (HP Elitebook 8770w) 15th of may. Installed clean Win7 64-b, and went on to load and update drivers. Found several that made me look closely at anything related to SA-00075, because it is a vPro system.
HP has a Patch for 00075 that I have applied:
- Intel Corporate Management Engine (ME) Firmware Component - Version: 18.104.22.16808
HP also has a BIOS update that I have applied:
- SOFTPAQ FILE NAME: SP79723.exe - BIOS VERSION: F.65 REV: A PASS: 1
I have run several of the recommended Intel diagnostics tools trying to determine wether my system now is safe and secure (preferably safe enough for me to start using ME / AMT), and the one that both confuses me the most and at the same time looks to give most useful information, is the "INTEL SA-00075 DiscoveryTool", that outputs this information:
Based on the version of the ME, the System is Check With OEM.
If Vulnerable, contact your OEM for support and remediation of this system.
For more information, refer to CVE-2017-5689 in the following link: CVE-2017-5689
or the Intel security advisory Intel-SA-00075 in the following link: INTEL-SA-00075
INTEL-SA-00075 Discovery Tool GUI Version
Application Version: 22.214.171.124
Scan date: 20.05.2017 13:44:05
Host Computer Information
Model: HP EliteBook 8770w
Processor Name: Intel(R) Core(TM) i7-3720QM CPU @ 2.60GHz
Windows Version: Microsoft Windows 7 Professional
Provisioning Mode: None Detected
Control Mode: None
Is CCM Disabled: Unknown
Driver installation found: False
EHBC Enabled: False
LMS service state: NotPresent
microLMS service state: Running
I gather the status: "Check with OEM" means Intel cant confirm HPs Patch for ME is fixing the 00075. Neither does HP supply me with a probing tool that lets me know 00075 is fixed after Patch. Would anyone share their take on wether I can assume "Check with OEM" means Im ok as long as i Patched according to OEM?
Second, and more important (to me anyway) question:
I have not installed or started a service called "microLMS". I can not find it (or info about it) in the registry or in any documentation available to me (locally, from HP, here on intel site, or in google). I have found that one version of this "microLMS" is placed in the extraction-folder tor the Intel SA Discovery Tool, and I have found another, much larger file online from Mesh Commander / Intel Mesh / Mesh Central (MeshCentral ). Both are called "Mesh Agent Service", -one signed by "MasterRoot" and one signed "Intel". I quess the first of these is a Beta version Intel Mesh Central use for web UI, and the second one extracted by Discovery tool is some "full version" of this small LMS service. The one Mesh Central / Mesh Commander use is afaik (and according to Ylian @ intel / meshcentral) just a port forwarding tool for integration between AMT and Web UI / Meshes. What the Intel signed smaller one is, I have no idea.
Screenshots of the two "microLMS" exes properties:
And (tadaaa...) my question is:
Is there an actual service running on my computer called "microLMS"? Does the Discovery tool from Intel invoke it from its own directory upon start of Tool for some kind of auditing purpouse? Is it used to confirm port binding of some sort and thus the last line in the result from the Discovery tool stating "microLMS service state: Running", does not mean a LMS service is actually running on my system?
As I said, I can not for the life of me find a service through Windows GUI that remotely looks like it is called "Mesh agent service", Meshagent, microLMS, or anything containing those words. Nor have I installed anything other than drivers and updates to the fresh (as of 15. may 2017) Windows 7 64-bit Pro. If I have a service running, I would love to know where it originated from (how it even came to reside on my s\ystem), If I can disable it, but maybe more importantly if it is an actual indication of a running service that I may or may not want.
Sorry this post may be a bit long. I am trying to relay enough information for anyone to maybe understand me, and I am not very versed in many of the (to me) complex IT-systems-related terms I suddenly find I am kind of forced to understand in order to make my new (used of course) HP Elitebook 8770w actually be mine to administer