4 Replies Latest reply on Aug 13, 2017 8:06 PM by ZTan

    Intel vulnerability still detected after upgrade to ME version 11.7.0.1229

    ZTan

      Good day,

       

      I am writing from Keysight Technologies, and our team is currently working on a custom-developed motherboard that went through the Intel AMT vulnerability problem. According to Intel® Product Security Center , upgrading the ME version to any versions newer than 11.6 should patch up the vulnerability, however despite upgrading to ME version 11.7.0.1229, the Intel SA detection tool still returns a "Vulnerable" status. Any chance that the detection tool application (version 1.0.2.116) returns an erroneous status, or is ME version 11.7.0.1229 really still vulnerable?

       

      Snapshot of the results attached below:

      Risk Assessment

      Based on the analysis performed by this tool, this system is vulnerable

       

      Explanation:

      The detected version of the Management Engine firmware is considered vulnerable for INTEL-SA-00075.

       

      If Vulnerable, contact your OEM for support and remediation of this system.

      For more information, refer to CVE-2017-5689 in the following link: CVE-2017-5689

      or the Intel security advisory Intel-SA-00075 in the following link: INTEL-SA-00075

       

      INTEL-SA-00075 Detection Tool

      Application Version: 1.0.2.116

      Scan date: 2017-07-24 14:18:52

       

      Host Computer Information

      Name: KEYSIGH-SKS1OJL

      Manufacturer: Default string

      Model: Default string

      Processor Name: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz

      Windows Version: Microsoft Windows 10 Enterprise 2016 LTSB

       

      ME Information

      Version: 11.7.0.1229

      SKU: Intel(R) Full AMT Manageability

      Provisioning Mode: Not Provisioned

      Control Mode: None

      Is CCM Disabled: False

      Driver installation found: True

      EHBC Enabled: False

      LMS service state: Stopped

      microLMS service state: NotPresent

       

       

      Looking forward to your reply.

       

      Thanks and regards,

      Z.Tan