5 Replies Latest reply on Oct 12, 2017 12:02 PM by Chris1Chambers

    Softpak deployment for Intel SA 00075

    Chris1Chambers

      I hope that you can help me as I am trying to work out the best way to ID and then install the SoftPak across my domain

      as I have multi different hardware types, and I am looking for the best solution to do this.

       

      So the path I am think is to use a IF Statement solution, which will ID the make and model of the hardware and then determine if it needs updating with the Intel Softpak,

      but I am not able to workout out how to find the Intel SA 00075 MEVersion or the ME VersionBuild.

       

      so far I have worked out the following ideal to collect the Make and Model of the workstation

       

             for /F "tokens=*" %%a in ('wmic csproduct get name') do set model=%%a

       

      but I am having issues with finding out how to find the INTEL ME side

       

            INTEL_SA_00075_ME.InformationMEVersion

           INTEL_SA_00075_ME.Information.MEVersionBuild

       

      as I would like to use the command in something like this

       

      if /I "%model%" == "Latituded E6410" and "%MEVersion%"  =="8.1.000"

      ( REM Then install latest SoftPak )

       

      any ideals on how to find the Intel information.

      I am also open to other ideals if you think doing it via a Bat file is not a  good ideal.

        • 1. Re: Softpak deployment for Intel SA 00075
          Intel Corporation
          This message was posted on behalf of Intel Corporation

          Hello Chris1Chambers,

           

          Thank you for bringing this matter to the Community. 

           

          I would like to have a better look at this matter, so could you please provide a detailed description of what you are trying to achieve? Please, also let us know your computer model, processor model and operating system.

           

          Regards,

          Amy C.

          • 2. Re: Softpak deployment for Intel SA 00075
            Chris1Chambers

            Hi Amy

             

            OK a detailed description: 

             

            ok I have been assigned the role to ID and then resolve the INTEL_SA-0075 issue across the corp domain which has about 4000 workstations and laptops.

            this mainly comprise of HP branded hardware.  have we have mix range of workstations from Z400, 6300, 600 ranges of workstations

             

            we have done the first stage and we have discovered that most if not all of the workstations and laptops are vulnerable to the Intel SA 00075. so now we are working on a way to deploy the Softpak

             

            the solution we are looking at is to deploy the softpak via a Bat file via SCCM to all of the devices,  so we are looking at the If Statement that

             

            if the workstation meets the right conditions for the If statement then it will update the softpak

            I am also looking at deploying a firmware update for the model of hardware

            then do some BIOS settings ( change the BIOS password, etc)

            then write a reference to a file to confirm the update.

             

             

            so at the moment I am not able to workout the ME Reference for Intel

            • 3. Re: Softpak deployment for Intel SA 00075
              Intel Corporation
              This message was posted on behalf of Intel Corporation

              Thanks for this Chris1Chambers.

               

              Please let me review this matter, as soon as I have more information I will update the thread.

               

              Regards,

              Amy C.

              • 4. Re: Softpak deployment for Intel SA 00075
                michael_a_intel

                Chris1Chambers

                 

                Hi Chris,

                 

                I'm hoping this is the same Chris that opened up a ticket where we assisted you with using console.exe to be able to collect the information on your vulnerable systems.  This is a very high level summary of the case, it was much more complex but just making sure this is you.

                 

                Regarding this thread, the filter you have created should already identify the vulnerable systems.  Next step is to create a task sequence with a WMI query to filter each individual model, like this:

                 

                 

                You can get all the different models here:

                Support Communication- Security Bulletin | HP® Official Site

                 

                Let me know if you need more information but I believe this should help.

                 

                Regards,

                Michael

                • 5. Re: Softpak deployment for Intel SA 00075
                  Chris1Chambers

                  Hi Michael

                   

                  thanks for the post, 

                   

                  the fun thing is that when you posted this I also worked out how to do this, but I did it via a collection and within this collection I added the WMI query, and then deployed a single Task Sequence for that model, but I like your way, as I was not looking for having a lot of  task sequences.

                   

                  I do have one question,  I have deployed the SoftPak to a workstation with the TS, and I have check that the SoftPak has been deployed via the smssts.log

                  then when I check SCCM, I see that it hasn't sync INTEL information,   I also have tried re-deploying the Intel-Console.exe discover Task Sequence and also doing a manual sync via the Config manager client but

                  I am just not able to get it to update the SCCM database.

                   

                  what am I doing wrong