This post is more than 5 years old
3 Posts
1
5563
INTEL-SA-00075 vulnerability
INTEL-SA-00075 Discovery Tool says my computer with intel vpro is vulnerable. Says contact manufacturer for firmware update.
This post is more than 5 years old
3 Posts
1
5563
INTEL-SA-00075 Discovery Tool says my computer with intel vpro is vulnerable. Says contact manufacturer for firmware update.
Top
ejn63
9 Legend
9 Legend
•
87.5K Posts
1
May 19th, 2017 07:00
Since you're not using AMT, there's nothing to worry about.
ejn63
9 Legend
9 Legend
•
87.5K Posts
0
May 7th, 2017 08:00
No one's going to be able to reply to a cryptic one-line post.
What model? What OS? Are you actively using AMT?
Vedanishtha
3 Posts
0
May 19th, 2017 07:00
Dell Latitude E 6420 model.
came with Win 7 professional. I upgraded to Win 10.
Risk Assessment
Based on the version of the ME, the System is Vulnerable.
If Vulnerable, contact your OEM for support and remediation of this system.
For more information, refer to CVE-2017-5689 at: nvd.nist.gov/.../CVE-2017-5689 or the Intel security advisory Intel-SA-00075 at: security-center.intel.com/advisory.aspx
INTEL-SA-00075 Discovery Tool GUI Version
Application Version: 1.0.1.6
Scan date: 19-05-2017 19:07:10
Host Computer Information
Name: DELL-PC
Manufacturer: Dell Inc.
Model: Latitude E6420
Processor Name: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Windows Version: Microsoft Windows 10 Pro
ME Information
Version: 7.1.70.1198
SKU: Intel(R) Full AMT Manageability
State: Not Provisioned
Driver installation found: True
EHBC Enabled: False
LMS service state: NotPresent
microLMS service state: NotPresent
Vedanishtha
3 Posts
0
May 19th, 2017 08:00
Thank you. How to determine that I am not using that? When intel discovery tool says "Vulnerable".
ejn63
9 Legend
9 Legend
•
87.5K Posts
0
May 19th, 2017 09:00
"not provisioned" means it's not being used. If you're worried about it, uninstall the AMT driver -- that will fix it permanently (or until Dell releases a patched driver).
samos1111
1 Rookie
1 Rookie
•
490 Posts
0
May 19th, 2017 15:00
When I was asking about this a while ago regarding my XPS 15 9550 which also tested positive with this tools for some reason, I also got very similar categorical denial from Dell at this forum. However, a few days later the BIOS update to 1.2.25 appeared on Dell support site, declaring a fix to the Management Engine.
I understand the most acute part of this vulnerabilty is indeed with AMT, a component of Intel vPro which is mostly included only with server- and workstation-grade Intel processors. Because it allowed connection without the password! But that a related update was also made to the thinner Management Engine, which is in practically all Intel chipsets since about 2008. The BIOS does provide for certain background administration functionality, but I haven't configured it. I guess the Intel windows LMT service interfacing the ME also needs an associated update.
Funnily, after the BIOS update the Intel tool still found my laptop VULNERABLE, "based on the version of the ME". However, updating the tool to its most recent version 1.0.1.39 resulted in Not Vulnerable status.
sojatech
2 Posts
0
May 26th, 2017 21:00
Yes, vulnerable until you can get a BIOS update from Dell. This is a chip on the main board and is active even when powered down, bypasses the OS. On boot up you can access the MEBx panel but you mainly only disable your access to it. Dwld the manual first. The password is admin. New PWD mus be 8-12 char incl digit, cap and a !$ More info www.ssh.com/.../
In the meantime you can block ports block ports 16992, 16993, 16994, 16995, 623, 664 on your router.