Intel® NUCs
Assistance in Intel® NUC products
13292 Discussions

NUC8i5BEH CSME Version Detection Tool v7.0.1.0 -> This system is vulnerable

RvdH
New Contributor I
‎07-21-2022 04:30 AM
1,168 Views

 

System Name NUC8I5BEH
System Manufacturer Intel(R) Client Systems
System Model NUC8i5BEH
System Type x64-based PC
System SKU BOXNUC8i5BEH
Processor Intel(R) Core(TM) i5-8259U CPU @ 2.30GHz, 2304 Mhz, 4 Core(s), 8 Logical Processor(s)
BIOS Version/Date Intel Corp. BECFL357.86A.0089.2021.0621.1343, 21-6-2021

 

Preview file
21 KB
0 Kudos

Link Copied

10 Replies
DeividA_Intel
Moderator
‎07-22-2022 09:45 AM
1,143 Views

Hello RvdH,  


  

Thank you for posting on the Intel® communities. I am sorry to know that you are having issues with your Intel® NUC Kit NUC8i5BEH.  


  

In order to better assist you, please try the following:  



1. What is the operating system installed and its version (the report does not show it)?

2. Can you provide more details about the issue?

3. Do you have any issues or errors with the tool?

4. If you are getting any errors or alerts from the tool, can you get pictures?

5. How did you notice this vulnerability with the tool and when did it start?



Regards,  

Deivid A. 

Intel Customer Support Technician 


0 Kudos
Copy link
RvdH
New Contributor I
‎07-22-2022 10:04 AM
1,137 Views
In response to DeividA_Intel

1. What is the operating system installed and its version (the report does not show it)?

Both Windows 10 and Widows 11 (windows 11 SSU report attached)

2. Can you provide more details about the issue?

Uh, no it is simply what the CSME Version Detection Tool v7.0.1.0 reports back after running it

3. Do you have any issues or errors with the tool?

The tool works OK

4. If you are getting any errors or alerts from the tool, can you get pictures?

CSME.png

5. How did you notice this vulnerability with the tool and when did it start?

With the release of CSME Version Detection Tool v7.0.1.0, in previous version v6.0.1.0 i believe there was no vulnerability being reported

In response to DeividA_Intel
Preview file
33 KB
Preview file
191 KB
0 Kudos
Copy link
RvdH
New Contributor I
‎07-22-2022 10:54 AM
1,126 Views
In response to RvdH

On the first look of things, reading https://www.intel.com/content/www/us/en/support/articles/000031784/technologies.html i think this is caused either because ME 12.0.81.1753 or the CPU Micrcocode is outdated, right?

In response to RvdH
0 Kudos
Copy link
DeividA_Intel
Moderator
‎07-22-2022 03:49 PM
1,117 Views

Hello RvdH, 


Thanks for the information provided. Before I investigate this issue further, please confirm the following:


1. Can you confirm if you updated the Intel® Management Engine Consumer Driver to version 12.0.81.1753?

2. Can you confirm if you updated the BIOS using a BIOS recovery or if you already tried a BIOS recovery?



Regards,  

Deivid A.  

Intel Customer Support Technician  


0 Kudos
Copy link
RvdH
New Contributor I
‎07-22-2022 04:24 PM
1,111 Views
In response to DeividA_Intel

1. Can you confirm if you updated the Intel® Management Engine Consumer Driver to version 12.0.81.1753?

Intel Driver and Support assistent says all drivers are up to date, although on Windows 11 ME driver says version: 2102.100.0.1044

2. Can you confirm if you updated the BIOS using a BIOS recovery or if you already tried a BIOS recovery?

I don't remember... i think i updated it using the normal F7 method back in the day, is it worth trying using the BIOS recovery method?

 

But if it is a drivers/bios issue please explain why any version of the CSME Version Detection Tool prior to version 7.0.1.0 reported no vulnerabilities with the same driver/bios?

In response to DeividA_Intel
0 Kudos
Copy link
RvdH
New Contributor I
‎07-23-2022 05:25 AM
1,095 Views

Flashing the bios using the BIOS recovery method makes (as expected) no difference at all 

0 Kudos
Copy link
DeividA_Intel
Moderator
‎07-25-2022 11:25 AM
1,072 Views

Hello RvdH, 


  

Thank you for the information provided 


  

I will proceed to check the issue internally and post back soon with more details. 


 

Best regards, 

Deivid A.  

Intel Customer Support Technician 


0 Kudos
Copy link
Ronny_G_Intel
Community Manager
‎08-01-2022 08:44 AM
1,046 Views

Hello RvdH,


The CSME tool detects and compares Intel ME versions, if the version detected is not the latest and still vulnerable then it will display the message that you got. The release of new ME happens more frequently than BIOS releases so it is expected that the CSME tool will report "system still vulnerable" at a certain moment while BIOS has not been updated.

The next BIOS release for this platform is currently scheduled for late September, ME FW update is included in the coming update.

I will recommend that you wait for the next BIOS release and run the CSME tool again once the system is updated.


I hope this helps.


Regards,

Ronny G


0 Kudos
Copy link
RvdH
New Contributor I
‎08-01-2022 12:40 PM
1,035 Views
In response to Ronny_G_Intel

@Ronny_G_Intel 

Thank you for your feedback, i'll be monitoring the downloads section around that time

In response to Ronny_G_Intel
0 Kudos
Copy link
RvdH
New Contributor I
‎09-29-2022 08:25 AM
836 Views

Today i noticed a BIOS update was listed on top of this page: https://www.intel.com/content/www/us/en/products/sku/126148/intel-nuc-kit-nuc8i5beh/downloads.html 

 

BIOS Update [BECFL357] 9/22/2022, unfortunately this is still the old bios, eg: 0089 Dated: June 21, 2021

Someone forgot to update the binary?

Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.