Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander
2832 Discussions

Intel CSME Detection and Validation Tool false reporting

SJack2
New Contributor II
8,548 Views

Hi,

The latest CSME Version Detection Tool is incorrectly reporting a vulnerability

Intel® Converged Security and Management Engine Version Detection Tool (Intel® CSMEVDT)

version 7.0.1.0 downloaded today reports the wrong CSME version.

Please see attached screenshots;

Version 6.0.1.0 correctly reports 15.0.35.2039 (latest)

Version 7.0.1.0 incorrectly reports 15.0.22.1622 

Board information is in screenshots and report is time stamped.

Can you please ensure the tool is fixed to detect correctly?

Thank you.

0 Kudos
1 Solution
SJack2
New Contributor II
8,312 Views

@SergioS_Intel @JoseH_Intel 

 

the machine has received an update to the GPU driver via the Intel Driver and Support Assistant to driver 30.0.101.1994 and the CSME tool is now quite unexpectedly reporting correctly. Previous driver build would have been something from the 30 series.

 

Attached are the screenshots of the driver update and the now correctly reporting 7.0.1.0 tool.

 

I think this may well conclude the matter?

 

 

 

 

View solution in original post

0 Kudos
18 Replies
JoseH_Intel
Moderator
8,532 Views

Hello SJack2,


Thank you for joining the Intel community


We can see the difference in the CSME version installed from v6.0.1.0 to v7.0.1.0. If this was extracted from the exact same system then there might be a bug in the latest version. Even though, take into consideration that a couple of threads detections were added to the latest version, so chances are you system is not fully protected to these new vulnerabilities.


Intel(R) CSME Version Detection Tool Release Notes

Version 7.0.1.0

January 2022


New or Changed Features:

- INTEL-SA-00610 detection added

- INTEL-SA-00613 detection added


https://downloadmirror.intel.com/28632/Intel_CSME_Version_Detection_Tool_Release_Notes.txt


Regards


Jose A.

Intel Customer Support Technician


0 Kudos
SJack2
New Contributor II
8,522 Views

Yes, from the same system. It (7.0.1.0) is detecting the incorrect CSME version on that system.

This is from my laptop (another system), and it correctly shows my version, so it is a bug on detection with that initial machine. It is that the REPORTED CSME version is incorrect in the initial instance, not that it is reporting a vulnerability (although it is reporting incorrectly as the CSME version is up to date and 6.0.1.0 reports it correctly).

 

These screenshots are correct as the version reported is the same with both tools.

 

 

 

 

 

0 Kudos
JoseH_Intel
Moderator
8,508 Views

Hello SJack2,


So the ME incorrectly reported is happening on the Gigabyte system only but not on your ASUS laptop? Would it be possible to try on another different system (other OEM than Gigabyte or ASUS)?. It is possible the issue is related to Gigabyte mainly.


Jose A.

Intel Customer Support Technician


0 Kudos
SJack2
New Contributor II
8,502 Views

I'd prefer to be brand agnostic, I think it may more be related to a specific CSME version (the app lookup table/dataset?).

 

So far I have tested (and updated for the vulnerability) on three CSME v11 machines (2 Lenovo, 1 HP), one CSME v14 (ASUS) and the CSME v15 (Gigabyte) is the only desktop, the others are laptops. The issue is I support the Gigabyte machine, not own so I'm not able to flash the update and check whether the update is detected correctly (but will be returning to site within 48 hours).

 

Consumer CSME has different variant at laptop / desktop chipset (as does Corporate). So it might be a desktop dataset or a Consumer dataset because my test pool is not wide enough (yet).

 

If I were into brand bashing, the ASUS (2021) is missing 2 microcode updates (despite me asking and getting no ETA), my own desktop is a Gigabyte, but it is AMD and has had precisely 2 UEFI security updates (SMM/Capsule) in 4 years, whereas with Intel it's a constant stream of either microcode (which Microsoft ignore on W11 and seemingly have gone into deep stasis on W10 since 20H2 as the OS has hit extended support), ME firmware or SGX.

 

As I continue to encounter machines I will update you should I see anomalies with misdetection on existing versioning or (which would be more worrying) with deployed updates. For now, it could even be an isolated occurrence.

 

 

0 Kudos
JoseH_Intel
Moderator
8,493 Views

Hello SJack2,


I appreciate your time and comprehensive approach about this CSME detection tool. I will keep the thread open for the next week just waiting for your updates. In case you find something consistently wrong looking like a bug, let me know so we can elevate your concern to our senior team.


Jose A.


Intel Customer Support Technician


SJack2
New Contributor II
8,476 Views

Update:

 

Horror of horrors. Now the older tool (6.0.1.0) is misreporting. Correct me if I am wrong, but the tool can work offline (i.e. it does not look at an online source for the versioning). Also both tools are failing to recognise the update, but the command line utility (FwUpdLcl64.exe) confirmed a successful flash and confirms the new version (15.0.41.2142)

 

Attached are screenshots of the output from both tools earlier today (please check the timestamps).

 

Also attached is the output of the command line tool FwUpdLcl64.exe

 

0 Kudos
SJack2
New Contributor II
8,476 Views

On a separate tack, can I confirm that Intel SA-00610 does not / no longer exists?

 

It's in the detection tool release notes but I can't find any reference to it on the Intel Security Center whereas I can find details of Intel SA-00613.

 

0 Kudos
SJack2
New Contributor II
8,109 Views

Thank you for updating to 7.0.2.0 but I guess Intel SA-00610 is a future advisory, under discovery / non-disclosure as yet.

Searches of the Security Center yield nothing as does a Google search.

0 Kudos
SergioS_Intel
Moderator
8,445 Views

Hello SJack2,


You can find information about the Intel SA-00613 here: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00613.html



Best regards,

Sergio S.

Intel Customer Support Technician



0 Kudos
SJack2
New Contributor II
8,432 Views
Hi @SergioS_Intel

I think you may have misread my message. I can’t find info on Intel SA-00610.
0 Kudos
JoseH_Intel
Moderator
8,401 Views

Hello SJack2,


I am not seeing any information related to SA-00610. The closest one is SA-00613 which you already have found. To my knowledge SA-00610 never existed.


Jose A.


Intel Customer Support Technician


JoseH_Intel
Moderator
8,379 Views

Hello SJack2,


Looking into that. Will get back to you soon.


Jose A.


Intel Customer Support Technician


JoseH_Intel
Moderator
8,354 Views

Hello SJack2,


Some development people are involved now. They are asking for screenshots and logs from a failed run. Also, please tell us what system the failed run came from. You have mentioned Gigabyte and ASUS already. Could you please confirm if this is happening on Gigabyte only?


Jose A.


Intel Customer Support Technician


0 Kudos
SJack2
New Contributor II
8,342 Views

@JoseH_Intel so far this has just occurred on the one machine.

 

I will try to widen the pool of test machines and hope to get back to you with the information requested (logs). The screenshots are already provided but I will attach them to this post for clarity.

 

To be clear, the board is Gigabyte H510M H rev1.3 UEFI FC (awaiting update due to microcode vulnerability)

 

The machine was reporting correctly under ME version 15.0.35.2039 and tool 6.0.1.0 (csme.png) before the latest vulnerabilities.

 

Running tool 7.0.1.0 against that ME firmware (15.0.35.2039), the tool misreported (csme 7.png) as 15.0.22.1622.

 

Updated the firmware to 15.0.41.2142 with Intel System Tools v15 r14 FwUpdLcl64.exe (cmd postupdate.png) successfully.

 

Running tool 7.0.1.0 against the newer ME firmware (15.0.41.2142) the tool still misreports (csme 7 postupdate.png) as 15.0.22.1622.

 

Running tool 6.0.1.0 similarly now misreports (csme 6 postupdate.png) as 15.0.22.1622.

 

 

0 Kudos
SergioS_Intel
Moderator
8,335 Views

Hello SJack2,


We appreciate the additional information and we will be looking forward for the logs requested.



Best regards,

Sergio S.

Intel Customer Support Technician


0 Kudos
SJack2
New Contributor II
8,313 Views

@SergioS_Intel @JoseH_Intel 

 

the machine has received an update to the GPU driver via the Intel Driver and Support Assistant to driver 30.0.101.1994 and the CSME tool is now quite unexpectedly reporting correctly. Previous driver build would have been something from the 30 series.

 

Attached are the screenshots of the driver update and the now correctly reporting 7.0.1.0 tool.

 

I think this may well conclude the matter?

 

 

 

 

0 Kudos
JoseH_Intel
Moderator
8,286 Views

Hello SJack2,


Well, kind of an unexpected resolution, but if you perceive no further issue then we can archive the thread. If something else arises just don't hesitate to create a new topic.


Best regards,


Jose A.

Intel Customer Support Technician


Reply