topic Re: Re:Intel Management Engine / Iclsclient - libcrypto/libssl vulnerabilities in Mobile and Desktop Processors

Intel Management Engine / Iclsclient - libcrypto/libssl vulnerabilities

Blitter — Mon, 06 Jan 2025 10:01:43 GMT

Hello All,

I have a question that relates to the post below:
https://community.intel.com/t5/Processors/OpenSSL-vulnerability-in-icls-driver-version-1-71-99-0/td-p/1597144

Our Microsoft Defender console is telling us that the ICLSClient (Part of the Intel Management Engine) is installing vulnerable drivers (location varies depending on version of the Intel Management Engine but the latest version installs the following:
c:\windows\system32\driverstore\filerepository\iclsclient.inf_amd64_c25dbc60ad3b371a\lib\libcrypto-3-x64.dll
c:\windows\system32\driverstore\filerepository\iclsclient.inf_amd64_c25dbc60ad3b371a\lib\libssl-3-x64.dll

These files report as version 3.0.14.0.

Microsoft Defender is flagging these files under the following CVE's:
CVE-2024-5535
CVE-2024-6119

Can I check, is the ICLSClient vulnerable to the above CVE's or are they not applicable?

If they are applicable, is there a version of the Intel Management Engine / ICLSClient that has updated non-vulnerable versions of the libcrypto-3-x64.dll and libssl-3-x64.dll files.

Microsoft Defender is reporting the following versions of these files as vulnerable as of today:
Openssl versions 3.0.0 (including) up to 3.0.15 (excluding)
Openssl versions 3.1.0 (including) up to 3.1.7 (excluding)
Openssl versions 3.2.0 (including) up to 3.2.3 (excluding)
Openssl versions 3.3.0 (including) up to 3.3.2 (excluding)

If you have any queries, please let me know.

Re:Intel Management Engine / Iclsclient - libcrypto/libssl vulnerabilities

Mike_Intel — Thu, 09 Jan 2025 00:36:07 GMT

Hello Blitter,

Thank you for posting in Intel community Forum.

For me to further check this, please help provide the following details:

What is your Operating system?
What is the complete model of your processor?
Can you tell us more about this inquiry?

If you have questions, please let us know. Thank you.

Best regards,

Michael L.

Intel Customer Support Technician

Re: Re:Intel Management Engine / Iclsclient - libcrypto/libssl vulnerabilities

Blitter — Thu, 09 Jan 2025 14:36:36 GMT

Hello, answers below:

1. This is on Windows 10 and Windows 11 operating systems.

2. This appears be relatively processor agnostic, seemingly affecting i5's and above. Example processors on affected device include but are not limited to:
Intel Intel(R) Core(TM) i5-8365U CPU @ 1.60GHz
Intel Intel(R) Core(TM) i5-8500 CPU @ 3.00GHz
Intel Intel(R) Core(TM) i5-9500 CPU @ 3.00GHz
Intel Intel(R) Core(TM) i5-10310U CPU @ 1.70GHz
Intel 11th Gen Intel(R) Core(TM) i7-1185G7 @ 3.00GHz
Intel 13th Gen Intel(R) Core(TM) i5-1345U

3. We're trying to determine if the CVE's below are applicable to the Intel ICLSClient software which is part of the Intel Management Engine, or alternative confirm if this software can be removed without any ill effects.:
CVE-2024-5535
CVE-2024-6119

Re:Intel Management Engine / Iclsclient - libcrypto/libssl vulnerabilities

Mike_Intel — Tue, 14 Jan 2025 00:27:17 GMT

Hello Blitter,

Thank you for the update.

Upon checking your inquiry, you need to send an email to secure@intel.com to report this issue.

Kindly refer to the link below for the rest of the details:

https://www.intel.com/content/www/us/en/support/articles/000056781/programs/intel-corporation.html

If you have questions, please let us know. Thank you.

Best regards,

Michael L.

Intel Customer Support Technician

Re:Intel Management Engine / Iclsclient - libcrypto/libssl vulnerabilities

Mike_Intel — Thu, 16 Jan 2025 23:30:00 GMT

Hello Blitter,

I hope this message finds you well.

Were you able to check the previous post?

Please let us know if you still need assistance.

Best regards,

Michael L.

Intel Customer Support Technician

Re: Re:Intel Management Engine / Iclsclient - libcrypto/libssl vulnerabilities

Blitter — Fri, 17 Jan 2025 07:57:59 GMT

Thanks Michael,

I can see the Intel Management Engine has been updated with newer versions of this dll so all good.

Re:Intel Management Engine / Iclsclient - libcrypto/libssl vulnerabilities

Mike_Intel — Mon, 20 Jan 2025 00:03:47 GMT

Hello Blitter,

Thank you for the update and I am glad that the issue is now fixed.

Since everything is good, I need to close this inquiry.

If you need further assistance, please post a new question as this thread will no longer be monitored.

Thank you and have a great day.

Best regards,

Michael L.

Intel Customer Support Technician

Re: Intel Management Engine / Iclsclient - libcrypto/libssl vulnerabilities

NiKiZe — Tue, 08 Apr 2025 19:26:47 GMT

Unfortunately Intel is still behind on releasing up2date drivers, and the worst part is that there is no real guidance on this from intel.

But for now it is possible to at least make Defender happy but installing exactly the right drivers.

I will keep this writeup updated as best as I can.