I'm looking for a way to patch the INTEL-SA-00075 vulnerability on our Optiplex 790 computers without updating to A19 BIOS, as A18 and A19 break PXE boot.
I've gone through the steps in the INTEL-SA-00075 Detection and Mitigation Guide, but it's still showing the computers as vulnerable.
I've run the following commands:
The output of the above commands, now running them a second time to verify they took, is (in same order as above):
-Unprovision error: Intel(R) AMT is already unconfigured on this system.
-DisableClientControlMode: This Intel(R) AMT device does not support Client Control mode.
After successfully running those and rebooting, this is the output of Intel-SA-00075-console.exe -Discover:
Starting internal MicroLMS.
INTEL-SA-00075 Discovery Tool
Application Version: 22.214.171.124
Scan Date: 2017-07-10 12:29:13
*** Host Computer Information ***
Computer Name: [redacted]
Manufacturer: Dell Inc.
Model: OptiPlex 790
Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Windows Version: Microsoft Windows 7 Professional
*** ME Information ***
SKU: Intel(R) Standard Manageability
State: Not Provisioned
Driver installed: True
Control Mode: None
Is CCM Disabled: True
EHBC Enabled: False
LMS state: NotPresent
MicroLMS state: NotPresent
*** Risk Assessment ***
Based on the analysis performed by this tool, this system is vulnerable.
The detected version of the Management Engine firmware is considered vulnerable
If Vulnerable, contact your OEM for support and remediation of this system.
*** For more information ***
Refer to CVE-2017-5689 at:
or the Intel security advisory Intel-SA-00075 at:
Any ideas how we can get these computers to "not vulnerable"?
I have sent this issue to the Desktop L3 team for review. This could take a while. I have not seen any workarounds from us or customers on this Forum. Until they release a new BIOS, you have to either live with PXE and without the INTEL-SA-00075 fix or vice versa.
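The discovery output quoted in the question keeps reporting "vulnerable" because that verdict follows the ME firmware version, so it cannot show whether the guide's mitigations took. The sketch below is an added example, not part of the original thread and not Intel's or Dell's code: it parses saved `-Discover` output and separates the firmware verdict from the mitigation fields. It assumes the field names and values shown in the quoted output; the triage labels and function names are this example's own.

```python
# Constructed sample, following the field layout of the output quoted in the question.
SAMPLE = """\
*** ME Information ***
SKU: Intel(R) Standard Manageability
State: Not Provisioned
Control Mode: None
Is CCM Disabled: True
LMS state: NotPresent
MicroLMS state: NotPresent
*** Risk Assessment ***
Based on the analysis performed by this tool, this system is vulnerable.
The detected version of the Management Engine firmware is considered vulnerable
"""

def parse_discovery(text):
    """Return (fields, verdict) from saved -Discover console output."""
    fields, verdict = {}, "unknown"
    for line in text.splitlines():
        low = line.lower()
        if "this system is" in low:
            if "is not vulnerable" in low:
                verdict = "not vulnerable"
            elif "vulnerable" in low:
                verdict = "vulnerable"
            continue
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields, verdict

def triage(text):
    """Label a host and list which mitigation fields are still open."""
    fields, verdict = parse_discovery(text)
    if verdict != "vulnerable":
        return verdict, []
    open_items = []
    # Expected values are the ones shown in the question's mitigated output.
    expected = {"state": "not provisioned",
                "is ccm disabled": "true",
                "lms state": "notpresent"}
    for key, want in expected.items():
        got = fields.get(key, "<missing>")
        if got.lower() != want:
            open_items.append(f"{key}: {got}")
    label = ("firmware-vulnerable, mitigations incomplete" if open_items
             else "firmware-vulnerable, mitigations applied")
    return label, open_items
```

A host labelled "mitigations applied" still carries the vulnerable firmware; the label only records that the unprovision, CCM and LMS fields match the mitigated state shown in the question.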