Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2921 Discussions

AMT Provisioning - Exit Code 111

PRhin
Beginner
1,708 Views

Is it possible to ignore Exit Code 111 (The detected version of the Management Engine (ME) firmware is considered vulnerable for Intel-SA-00075. It is highly recommended that you upgrade your ME firmware.) during provisioning?

 

We want to deploy vPro on "older" Fujitsu desktop systems which don't recieve a ME / BIOS update to fix the vulnerability.

 

Thanks and regards

Patrick

 

0 Kudos
8 Replies
JoseH_Intel
Moderator
1,226 Views
Hello PRhin, Thank you for joining the community The vulnerability fix is not mandatory to be performed in order for a system to be vPro provisioned. What I suspect is that in latest version of the Intel SCS (released after SA-00075) the pop up won't allow you to continue if older ME version is detected. But in case it will allow you to continue, you can certainly skip it. If these systems are within a corporate network their risk of attack is much lower. An alternate way would be to get a previous version of the SCS software which probably we should be able to get for you. Please let us know how it goes. Jose A. Intel Customer Support Technician Under Contract to Intel Corporation
0 Kudos
PRhin
Beginner
1,226 Views

Hello Jose

 

Thanks for your reply.

 

Is there any possibility to skip this check automatically during remote provisioning?

 

Thanks and regards

Patrick

0 Kudos
JoseH_Intel
Moderator
1,226 Views
Hello PRhin, Do you have any further details, updates, questions or comments in regards to this issue? This thread will be marked as resolved automatically in the next 72 hours if no activity is received. Regards Jose A. Intel Customer Support Technician Under Contract to Intel Corporation
0 Kudos
JoseH_Intel
Moderator
1,226 Views
Hello PRhin, Not that I am aware of. Now, when you say remote provisioning you mean you are using the ACU_Config tool from a RCS server? I think a workaround could be to use an older version of the ACU_Config software back when the vulnerability was not discovered but I think its a bit difficult to find it. I will ask to our engineering department for any older version available. Will get back to you as soon as I get updates Regards Jose A. Intel Customer Support Technician Under Contract to Intel Corporation
0 Kudos
PRhin
Beginner
1,226 Views
0 Kudos
JoseH_Intel
Moderator
1,226 Views
Hi PRHiner, The following is the response we received from engineering: "The vulnerability described in SA-00075 is considered a 'high severity' issue. Intel has removed the ability to configure systems that are not patched to mitigate the vulnerability to help ensure the best possible security for our customers. Intel recommends that all customers work with their system manufacturers to obtain updates for impacted systems, or leave the AMT functions of impacted systems in an unprovisioned state." Unfortunately there is no fix for older systems not receiving vulnerability patches. Regards Jose A. Intel Customer Support Technician Under Contract to Intel Corporation
0 Kudos
PRhin
Beginner
1,226 Views

Hi Jose

 

So Intel doesn't provide any fixes and removes the ability to use AMT? Great...

 

Thanks for the clarifications.

 

Regards

Patrick

0 Kudos
JoseH_Intel
Moderator
1,226 Views
Hi PRHiner, Probably they prioritize security over functionality. We will proceed to mark this thread as resolved. If you have further issues or questions just go ahead and create a new topic. Jose A. Intel Customer Support Technician Under Contract to Intel Corporation
0 Kudos
Reply