ZTan2
Beginner
1,583 Views

Intel vulnerability still detected after upgrade to ME version 11.7.0.1229

Good day,

I am writing from Keysight Technologies, and our team is currently working on a custom-developed motherboard that went through the Intel AMT vulnerability problem. According to the Intel® Product Security Center (https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr), upgrading the ME version to any version newer than 11.6 should patch up the vulnerability; however, despite upgrading to ME version 11.7.0.1229, the Intel SA detection tool still returns a "Vulnerable" status. Any chance that the detection tool application (version 1.0.2.116) returns an erroneous status, or is ME version 11.7.0.1229 really still vulnerable?

Snapshot of the results attached below:

Risk Assessment

Based on the analysis performed by this tool, this system is vulnerable

Explanation:

The detected version of the Management Engine firmware is considered vulnerable for INTEL-SA-00075.

If Vulnerable, contact your OEM for support and remediation of this system.

For more information, refer to CVE-2017-5689 in the following link: CVE-2017-5689

or the Intel security advisory Intel-SA-00075 in the following link: INTEL-SA-00075

INTEL-SA-00075 Detection Tool

Application Version: 1.0.2.116

Scan date: 2017-07-24 14:18:52

Host Computer Information

Name: KEYSIGH-SKS1OJL

Manufacturer: Default string

Model: Default string

Processor Name: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz

Windows Version: Microsoft Windows 10 Enterprise 2016 LTSB

ME Information

Version: 11.7.0.1229

SKU: Intel(R) Full AMT Manageability

Provisioning Mode: Not Provisioned

Control Mode: None

Is CCM Disabled: False

Driver installation found: True

EHBC Enabled: False

LMS service state: Stopped

microLMS service state: NotPresent

Looking forward to your reply.

Thanks and regards,

Z.Tan

0 Kudos
4 Replies
MichaelA_Intel
Moderator
90 Views

ZTan

Greetings Z.Tan,

We are looking into this, which has been sent to the developers.

Regards,

Michael
MichaelA_Intel
Moderator
90 Views

ZTan

Hello Z. Tan,

Thank you for reaching out to us with this concern. We would like to clarify the points that you have raised.

First, it is important to recognize that the ME 11.7.0.1229 build is a pre-production firmware build. The security advisory that you referenced does state "Versions before 6 or after 11.6 are not impacted." However, the intended scope of this statement is that it applies to production ME firmware builds that are released through official Intel channels. Intel highly recommends that system integrators do not use pre-production firmware builds in production systems.

Additionally, note that the Intel SA-00075 detection tool is reporting correctly, because the ME11.7.0.1229 build does contain the SA-00075 vulnerability. The SA-00075 vulnerability was resolved for the production release of the 11.7 code branch.

Regards,

Michael

MichaelA_Intel
Moderator
90 Views

ZTan

Hi ZTan,

Our developers are on hold waiting for your details. Can you please provide?

Regards,

Michael

ZTan2
Beginner
90 Views

Hello Michael,

Thank you for clarifying that the SA-00075 vulnerability will be resolved for the production release of the 11.7 code branch. Our development team will continue with the pre-production release until our product is released, and your developers may mark this as resolved.

Thanks and regards,

Z.Tan