Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2834 Discussions

AMT Provisioning - Exit Code 111

PRhin
Beginner
‎04-18-2019 07:51 AM
1,248 Views

Is it possible to ignore Exit Code 111 (The detected version of the Management Engine (ME) firmware is considered vulnerable for Intel-SA-00075. It is highly recommended that you upgrade your ME firmware.) during provisioning?

 

We want to deploy vPro on "older" Fujitsu desktop systems which don't recieve a ME / BIOS update to fix the vulnerability.

 

Thanks and regards

Patrick

 

0 Kudos

Link Copied

8 Replies
JoseH_Intel
Moderator
‎04-19-2019 12:07 AM
766 Views
Hello PRhin, Thank you for joining the community The vulnerability fix is not mandatory to be performed in order for a system to be vPro provisioned. What I suspect is that in latest version of the Intel SCS (released after SA-00075) the pop up won't allow you to continue if older ME version is detected. But in case it will allow you to continue, you can certainly skip it. If these systems are within a corporate network their risk of attack is much lower. An alternate way would be to get a previous version of the SCS software which probably we should be able to get for you. Please let us know how it goes. Jose A. Intel Customer Support Technician Under Contract to Intel Corporation
0 Kudos
Copy link
PRhin
Beginner
‎04-23-2019 11:19 AM
766 Views
In response to JoseH_Intel

Hello Jose

 

Thanks for your reply.

 

Is there any possibility to skip this check automatically during remote provisioning?

 

Thanks and regards

Patrick

In response to JoseH_Intel
0 Kudos
Copy link
JoseH_Intel
Moderator
‎04-22-2019 11:23 PM
766 Views
Hello PRhin, Do you have any further details, updates, questions or comments in regards to this issue? This thread will be marked as resolved automatically in the next 72 hours if no activity is received. Regards Jose A. Intel Customer Support Technician Under Contract to Intel Corporation
0 Kudos
Copy link
JoseH_Intel
Moderator
‎04-24-2019 12:28 AM
766 Views
Hello PRhin, Not that I am aware of. Now, when you say remote provisioning you mean you are using the ACU_Config tool from a RCS server? I think a workaround could be to use an older version of the ACU_Config software back when the vulnerability was not discovered but I think its a bit difficult to find it. I will ask to our engineering department for any older version available. Will get back to you as soon as I get updates Regards Jose A. Intel Customer Support Technician Under Contract to Intel Corporation
0 Kudos
Copy link
PRhin
Beginner
‎04-26-2019 06:13 AM
766 Views
In response to JoseH_Intel

All right, thank you!

In response to JoseH_Intel
0 Kudos
Copy link
JoseH_Intel
Moderator
‎04-29-2019 11:41 PM
766 Views
Hi PRHiner, The following is the response we received from engineering: "The vulnerability described in SA-00075 is considered a 'high severity' issue. Intel has removed the ability to configure systems that are not patched to mitigate the vulnerability to help ensure the best possible security for our customers. Intel recommends that all customers work with their system manufacturers to obtain updates for impacted systems, or leave the AMT functions of impacted systems in an unprovisioned state." Unfortunately there is no fix for older systems not receiving vulnerability patches. Regards Jose A. Intel Customer Support Technician Under Contract to Intel Corporation
0 Kudos
Copy link
PRhin
Beginner
‎04-30-2019 06:23 AM
766 Views
In response to JoseH_Intel

Hi Jose

 

So Intel doesn't provide any fixes and removes the ability to use AMT? Great...

 

Thanks for the clarifications.

 

Regards

Patrick

In response to JoseH_Intel
0 Kudos
Copy link
JoseH_Intel
Moderator
‎05-01-2019 05:22 AM
766 Views
Hi PRHiner, Probably they prioritize security over functionality. We will proceed to mark this thread as resolved. If you have further issues or questions just go ahead and create a new topic. Jose A. Intel Customer Support Technician Under Contract to Intel Corporation
0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.