Hello Z. Tan,
Thanks you for reaching out to us with this concern. We would like to clarify the points that you have raised.
First, it is important to recognize that the ME 220.127.116.119 build is a pre-production firmware build. The security advisory that you referenced does state “Versions before 6 or after 11.6 are not impacted.” However, the intended scope of this statement is that it applies to production ME firmware builds that are released through official Intel channels. Intel highly recommends that system integrators do not use pre-production firmware builds in production systems.
Additionally, note that the Intel SA-00075 detection tool is reporting correctly, because the ME18.104.22.1689 build does contain the SA-00075 vulnerability. The SA-00075 vulnerability was resolved for the production release of the 11.7 code branch.
Thank you for clarifying that the SA-00075 vulnerability will be resolved for the production release of the 11.7 code branch. Our development team will continue with the pre-production release until our product is released, and your developers may marked this as resolved.
Thanks and regards,