- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is it possible to ignore Exit Code 111 (The detected version of the Management Engine (ME) firmware is considered vulnerable for Intel-SA-00075. It is highly recommended that you upgrade your ME firmware.) during provisioning?
We want to deploy vPro on "older" Fujitsu desktop systems which don't recieve a ME / BIOS update to fix the vulnerability.
Thanks and regards
Patrick
Link Copied
8 Replies
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello PRhin,
Thank you for joining the community
The vulnerability fix is not mandatory to be performed in order for a system to be vPro provisioned. What I suspect is that in latest version of the Intel SCS (released after SA-00075) the pop up won't allow you to continue if older ME version is detected. But in case it will allow you to continue, you can certainly skip it.
If these systems are within a corporate network their risk of attack is much lower.
An alternate way would be to get a previous version of the SCS software which probably we should be able to get for you.
Please let us know how it goes.
Jose A.
Intel Customer Support Technician
Under Contract to Intel Corporation
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Jose
Thanks for your reply.
Is there any possibility to skip this check automatically during remote provisioning?
Thanks and regards
Patrick
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello PRhin,
Do you have any further details, updates, questions or comments in regards to this issue?
This thread will be marked as resolved automatically in the next 72 hours if no activity is received.
Regards
Jose A.
Intel Customer Support Technician
Under Contract to Intel Corporation
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello PRhin,
Not that I am aware of. Now, when you say remote provisioning you mean you are using the ACU_Config tool from a RCS server?
I think a workaround could be to use an older version of the ACU_Config software back when the vulnerability was not discovered but I think its a bit difficult to find it. I will ask to our engineering department for any older version available.
Will get back to you as soon as I get updates
Regards
Jose A.
Intel Customer Support Technician
Under Contract to Intel Corporation
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi PRHiner,
The following is the response we received from engineering:
"The vulnerability described in SA-00075 is considered a 'high severity' issue. Intel has removed the ability to configure systems that are not patched to mitigate the vulnerability to help ensure the best possible security for our customers.
Intel recommends that all customers work with their system manufacturers to obtain updates for impacted systems, or leave the AMT functions of impacted systems in an unprovisioned state."
Unfortunately there is no fix for older systems not receiving vulnerability patches.
Regards
Jose A.
Intel Customer Support Technician
Under Contract to Intel Corporation
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Jose
So Intel doesn't provide any fixes and removes the ability to use AMT? Great...
Thanks for the clarifications.
Regards
Patrick
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi PRHiner,
Probably they prioritize security over functionality.
We will proceed to mark this thread as resolved. If you have further issues or questions just go ahead and create a new topic.
Jose A.
Intel Customer Support Technician
Under Contract to Intel Corporation
Reply
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page