My Intel Desktop Board DB75EN is affected by the AMT vulnerability.
I found a firmware update here:
https://www.intel.com/content/www/us/en/support/boards-and-kits/000024181.html Intel® Active Management Technology Escalation of Privilege Advisory...
However, when I try to install it, I encounter two problems.
First: I'm running Linux -- and the firmware update utility runs on Windows only. So is there also a utility available to update the FW under Linux?
As a workaround, I created a Windows 10 Recovery Drive (on a USB stick) and copied the update to that USB stick. I then booted the PC using that USB stick and tried to run the firmware update from within that Windows Recovery (WinPE) environment. I then got the following output:
D:\EN-FW-Update\EN-FW-Update-64bit>FWUpdLcl64.exe -f ME8_5M_Production.bin -generic
Intel (R) Firmware Update Utility Version: 188.8.131.526
Copyright (C) 2007 - 2013, Intel Corporation. All rights reserved.
Error 8743: Unknown or Unsupported Platform
Cannot locate hardware platform identification
This program cannot be run on the current platform.
Any idea why this does not work? And how to resolve it?
Thanks a lot for the suggestion. I created a USB boot disk with an Hiren boot image and tried using the 32-bit utility (FWUpdLcl.exe) to flash the ME firmware. However, I got the exact same output as before with the 64-bit utility (FWUpdLcl64.exe) under Windows 10 (recovery).
So it seems like the firmware update utility does not recognize my motherboard...?
Could it be related to the fact that the SKU Number and Family are not set?
See the following screenshots:
Okay, I finally fixed it. Others who may have the same issue can follow these steps to fix it:
- Download Hiren's BootCD 15.2 (from http://www.hirensbootcd.org/download/ Download Hiren's BootCD 15.2 | HBCD Fan & Discussion Platform)
- Follow this guide (http://broexperts.com/how-to-make-hirens-bootable-usb/ Easy Guide - How to Make Hirens Boot CD/USB Flash Drive) to create a bootable USB drive with the Hiren's BootCD image
- Download the Management Engine driver for this board (from https://downloadcenter.intel.com/download/22093/Intel-Management-Engine-Driver-5M-for-7-Series-Chips... Download Intel® Management Engine Driver (5M) for 7 Series Chipset-Based Intel® Desktop Boards)
- Download the Management Eingine firmware update for this board (from https://downloadcenter.intel.com/download/26829/Intel-Management-Engine-Firmware-8-x-Update-for-Inte... Download Intel® Management Engine Firmware 8.x Update for Intel® Desktop Board DB75EN, DQ77KB, DQ77CP, and DQ77MK)
- Unzip the files from points 4 & 5 and copy the extracted folders to the USB drive
- Boot the PC using the USB drive and choose menu option 'Mini Windows Xp'
- Check if you can see a C: drive with the folders that were copied under point 5. If not, reboot the PC and go back to point 6.
- Install the Management Engine driver. It failed after a while with an error code -- you can simply ignore it, the essential part of the driver has been installed anyway
- Now execute the firmware update utility (by running file FWUPDATE.BAT in folder EN-FW-Update-32bit)
- Wait until the firmware update completes and then reboot the PC. You can double check that the ME firmware was updated by pressing Ctrl-P during boot. You will then end up in the ME BIOS Extension and you should see the updated ME version: v184.108.40.20608)
Essential point that I skipped earlier, was to install the ME driver.
[sarcasm on]Thanks Intel, for mentioning that this driver is required to update the ME firmware. Also a big thanks for making an OS-agnostics update possible by releasing an updated BIOS for this board.[sarcasm off]