Vedanishtha
Copper

INTEL-SA-00075 vulnerability

INTEL-SA-00075 Discovery Tool says my computer with Intel vPro is vulnerable. Says contact manufacturer for firmware update.

7 Replies
ejn63
Diamond

RE: INTEL-SA-00075 vulnerability

No one's going to be able to reply to a cryptic one-line post.

What model?  What OS?  Are you actively using AMT?

0 Kudos
Vedanishtha
Copper

RE: INTEL-SA-00075 vulnerability

Dell Latitude E6420 model.

Came with Win 7 Professional. I upgraded to Win 10.

Risk Assessment

Based on the version of the ME, the System is Vulnerable.

If Vulnerable, contact your OEM for support and remediation of this system.

For more information, refer to CVE-2017-5689 at: nvd.nist.gov/.../CVE-2017-5689 or the Intel security advisory Intel-SA-00075 at: security-center.intel.com/advisory.aspx

INTEL-SA-00075 Discovery Tool GUI Version

Application Version: 1.0.1.6

Scan date: 19-05-2017 19:07:10

Host Computer Information

Name: DELL-PC

Manufacturer: Dell Inc.

Model: Latitude E6420

Processor Name: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz

Windows Version: Microsoft Windows 10 Pro

ME Information

Version: 7.1.70.1198

SKU: Intel(R) Full AMT Manageability

State: Not Provisioned

Driver installation found: True

EHBC Enabled: False

LMS service state: NotPresent

microLMS service state: NotPresent

0 Kudos
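
An added example (not part of the thread, and not Intel's or Dell's code): a small Python parser for the Discovery Tool report text as pasted above, keeping the version-based verdict separate from the provisioning and LMS fields that the replies discuss. The function names and the sample string are constructed for illustration; only field names and values that appear in the post are assumed.

```python
import re

# Constructed sample: fields copied from the report quoted in the post above.
SAMPLE_REPORT = """\
Risk Assessment
Based on the version of the ME, the System is Vulnerable.
Application Version: 1.0.1.6
Scan date: 19-05-2017 19:07:10
ME Information
Version: 7.1.70.1198
SKU: Intel(R) Full AMT Manageability
State: Not Provisioned
Driver installation found: True
LMS service state: NotPresent
microLMS service state: NotPresent
"""

VERDICT_RE = re.compile(r"the System is (.+?)\.?\s*$")
FIELD_RE = re.compile(r"^([^:]+):\s*(.*)$")

def parse_report(text):
    """Split pasted report text into the verdict sentence and key/value fields."""
    verdict, fields = None, {}
    for line in (l.strip() for l in text.splitlines()):
        m = VERDICT_RE.search(line)
        if m:
            verdict = m.group(1)
        elif (m := FIELD_RE.match(line)):
            fields[m.group(1).strip()] = m.group(2).strip()
    return verdict, fields

def summarize(text):
    """Keep the version-based verdict and the configuration facts side by side."""
    verdict, f = parse_report(text)
    services = ("LMS service state", "microLMS service state")
    return {
        "tool_version": f.get("Application Version"),
        "me_version": f.get("Version"),
        "version_verdict": verdict,
        "amt_sku": "AMT" in f.get("SKU", ""),
        "state": f.get("State"),
        # Only "Not Provisioned" appears on this page; other values are not interpreted.
        "not_provisioned": f.get("State") == "Not Provisioned",
        # A missing service line is treated the same as "NotPresent" (assumption).
        "lms_present": any(f.get(k, "NotPresent") != "NotPresent" for k in services),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Recording `tool_version` next to the verdict matters because, as a later reply notes, the verdict can change when the tool itself is updated.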
ejn63
Diamond

RE: INTEL-SA-00075 vulnerability

Since you're not using AMT, there's nothing to worry about.

Vedanishtha
Copper

RE: INTEL-SA-00075 vulnerability

Thank you. How do I determine that I am not using it, when the Intel discovery tool says "Vulnerable"?

0 Kudos
ejn63
Diamond

RE: INTEL-SA-00075 vulnerability

"not provisioned" means it's not being used.  If you're worried about it, uninstall the AMT driver -- that will fix it permanently (or until Dell releases a patched driver).

0 Kudos
samos1111
Silver

RE: INTEL-SA-00075 vulnerability

When I was asking about this a while ago regarding my XPS 15 9550, which also tested positive with this tool for some reason, I also got a very similar categorical denial from Dell at this forum. However, a few days later the BIOS update to 1.2.25 appeared on the Dell support site, declaring a fix to the Management Engine.

I understand the most acute part of this vulnerability is indeed with AMT, a component of Intel vPro which is mostly included only with server- and workstation-grade Intel processors. Because it allowed connection without the password! But a related update was also made to the thinner Management Engine, which is in practically all Intel chipsets since about 2008. The BIOS does provide for certain background administration functionality, but I haven't configured it. I guess the Intel Windows LMT service interfacing the ME also needs an associated update.

Funnily, after the BIOS update the Intel tool still found my laptop VULNERABLE, "based on the version of the ME". However, updating the tool to its most recent version 1.0.1.39 resulted in Not Vulnerable status.

0 Kudos
sojatech
Copper

RE: INTEL-SA-00075 vulnerability

Yes, vulnerable until you can get a BIOS update from Dell. This is a chip on the main board and is active even when powered down, bypasses the OS. On boot up you can access the MEBx panel but you mainly only disable your access to it. Download the manual first. The password is admin. New PWD must be 8-12 char incl digit, cap and a !$  More info: www.ssh.com/.../

In the meantime you can block ports 16992, 16993, 16994, 16995, 623, 664 on your router.

0 Kudos