As an update to this request for information, I found that even after running the mitigation tool against a device and taking the following three steps: unprovision (which it reported that it was never provisioned, as it should), disable client remote capabilities, and disable LMS services, and then re-running the discovery, the device is still being reported as vulnerable. Is the mitigation tool not intelligent enough to determine that mitigation steps have been taken, or is there still a problem?
Again, thank you for any assistance.
This message was posted on behalf of Intel Corporation
My understanding from your post is that your goal is to not have to update the BIOS on 1500+ systems and that you have run the detection and mitigation tool for Intel SA-00075. While performing the mitigation steps will help, your systems will still be considered vulnerable (even when re-running the tool against mitigated systems) until the firmware update for SA-00075 has been applied.
I could not tell from your post if you use a central management tool in your environment, like SCCM. There are methods for performing queries of your environment to determine systems that are vulnerable and then create a task to update the firmware.
Referencing one post that might be helpful:
Please let me know if there is anything further I can assist with.