- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good day,
I am writing from Keysight Technologies, and our team is currently working on a custom-developed motherboard that went through the Intel AMT vulnerability problem. According to https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr Intel® Product Security Center , upgrading the ME version to any versions newer than 11.6 should patch up the vulnerability, however despite upgrading to ME version 11.7.0.1229, the Intel SA detection tool still returns a "Vulnerable" status. Any chance that the detection tool application (version 1.0.2.116) returns an erroneous status, or is ME version 11.7.0.1229 really still vulnerable?
Snapshot of the results attached below:
Risk Assessment
Based on the analysis performed by this tool, this system is vulnerable
Explanation:
The detected version of the Management Engine firmware is considered vulnerable for INTEL-SA-00075.
If Vulnerable, contact your OEM for support and remediation of this system.
For more information, refer to CVE-2017-5689 in the following link: CVE-2017-5689
or the Intel security advisory Intel-SA-00075 in the following link: INTEL-SA-00075
INTEL-SA-00075 Detection Tool
Application Version: 1.0.2.116
Scan date: 2017-07-24 14:18:52
Host Computer Information
Name: KEYSIGH-SKS1OJL
Manufacturer: Default string
Model: Default string
Processor Name: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
Windows Version: Microsoft Windows 10 Enterprise 2016 LTSB
ME Information
Version: 11.7.0.1229
SKU: Intel(R) Full AMT Manageability
Provisioning Mode: Not Provisioned
Control Mode: None
Is CCM Disabled: False
Driver installation found: True
EHBC Enabled: False
LMS service state: Stopped
microLMS service state: NotPresent
Looking forward to your reply.
Thanks and regards,
Z.Tan
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ZTan
Greetings Z.Tan,
We are looking into this, which has been sent to the developers.
Regards,
Michael
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ZTan
Hello Z. Tan,
Thanks you for reaching out to us with this concern. We would like to clarify the points that you have raised.
First, it is important to recognize that the ME 11.7.0.1229 build is a pre-production firmware build. The security advisory that you referenced does state "Versions before 6 or after 11.6 are not impacted." However, the intended scope of this statement is that it applies to production ME firmware builds that are released through official Intel channels. Intel highly recommends that system integrators do not use pre-production firmware builds in production systems.
Additionally, note that the Intel SA-00075 detection tool is reporting correctly, because the ME11.7.0.1229 build does contain the SA-00075 vulnerability. The SA-00075 vulnerability was resolved for the production release of the 11.7 code branch.
Regards,
Michael
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ZTan
Hi ZTan,
Our developers are on hold waiting for your details. Can you please provide?
Regards,
Michael
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Helo Michael,
Thank you for clarifying that the SA-00075 vulnerability will be resolved for the production release of the 11.7 code branch. Our development team will continue with the pre-production release until our product is released, and your developers may marked this as resolved.
Thanks and regards,
Z.Tan
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page