I am writing from Keysight Technologies, and our team is currently working on a custom-developed motherboard that went through the Intel AMT vulnerability problem. According to the Intel® Product Security Center advisory at https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr, upgrading the ME version to any version newer than 11.6 should patch the vulnerability; however, despite upgrading to ME version 22.214.171.1249, the Intel SA detection tool still returns a "Vulnerable" status. Any chance that the detection tool application (version 126.96.36.199) returns an erroneous status, or is ME version 188.8.131.529 really still vulnerable?
Snapshot of the results attached below:
Based on the analysis performed by this tool, this system is vulnerable
The detected version of the Management Engine firmware is considered vulnerable for INTEL-SA-00075.
If Vulnerable, contact your OEM for support and remediation of this system.
For more information, refer to CVE-2017-5689 in the following link: CVE-2017-5689
or the Intel security advisory Intel-SA-00075 in the following link: INTEL-SA-00075
INTEL-SA-00075 Detection Tool
Application Version: 184.108.40.206
Scan date: 2017-07-24 14:18:52
Host Computer Information
Manufacturer: Default string
Model: Default string
Processor Name: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
Windows Version: Microsoft Windows 10 Enterprise 2016 LTSB
SKU: Intel(R) Full AMT Manageability
Provisioning Mode: Not Provisioned
Control Mode: None
Is CCM Disabled: False
Driver installation found: True
EHBC Enabled: False
LMS service state: Stopped
microLMS service state: NotPresent
Looking forward to your reply.
Thanks and regards,
Hello Z. Tan,
Thank you for reaching out to us with this concern. We would like to clarify the points that you have raised.
First, it is important to recognize that the ME 220.127.116.119 build is a pre-production firmware build. The security advisory that you referenced does state "Versions before 6 or after 11.6 are not impacted." However, the intended scope of this statement is that it applies to production ME firmware builds that are released through official Intel channels. Intel highly recommends that system integrators do not use pre-production firmware builds in production systems.
Additionally, note that the Intel SA-00075 detection tool is reporting correctly, because the ME 18.104.22.1689 build does contain the SA-00075 vulnerability. The SA-00075 vulnerability was resolved for the production release of the 11.7 code branch.
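The two rules Intel spells out above (the advisory's "before 6 or after 11.6 are not impacted" range applies to production builds only, and a pre-production build in the 11.7 branch can still carry SA-00075) are easy to get wrong in an inventory script that only compares version numbers. The following is an added example, not code from this thread or from Intel's detection tool: it parses the "Key: Value" report format shown in the snapshot, classifies an ME version against the advisory's stated range, and refuses to mark a pre-production build as clear, deferring instead to the detection tool's verdict. The sample report text and the version strings in the test are constructed for illustration.

```python
"""Triage helper for INTEL-SA-00075 (CVE-2017-5689) ME firmware versions.

Added example; not Intel's tool. Encodes only what the advisory and the
thread state: versions before 6 or after 11.6 are not impacted, and that
statement is scoped to production firmware builds.
"""
from dataclasses import dataclass
from typing import Dict, Tuple

# Constructed sample in the same "Key: Value" layout as the detection tool's
# text report quoted in the thread (values are illustrative).
SAMPLE_REPORT = """\
INTEL-SA-00075 Detection Tool
Application Version: 1.0.0.0
Scan date: 2017-07-24 14:18:52
Host Computer Information
Manufacturer: Default string
Model: Default string
SKU: Intel(R) Full AMT Manageability
Provisioning Mode: Not Provisioned
Control Mode: None
LMS service state: Stopped
microLMS service state: NotPresent
"""


@dataclass(frozen=True)
class MeFirmware:
    version: str      # dotted ME firmware version, e.g. "11.6.27.3264" (constructed)
    production: bool  # False for pre-production / engineering builds


def parse_detection_report(text: str) -> Dict[str, str]:
    """Turn the tool's 'Key: Value' lines into a dict; heading lines are skipped."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        if ": " not in line:
            continue  # e.g. "Host Computer Information" has no value
        key, value = line.split(": ", 1)
        fields[key.strip()] = value.strip()
    return fields


def parse_version(version: str) -> Tuple[int, ...]:
    """Parse 'a.b.c.d' into a comparable tuple; reject anything non-numeric."""
    parts = version.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised ME version string: {version!r}")
    return tuple(int(p) for p in parts)


def sa00075_version_in_scope(version: str) -> bool:
    """True when major.minor falls inside the advisory's impacted range.

    Advisory wording: 'Versions before 6 or after 11.6 are not impacted',
    so 6.0 up to and including 11.6 is in scope.
    """
    major, minor = parse_version(version)[:2]
    if major < 6:
        return False
    if (major, minor) > (11, 6):
        return False
    return True


def assess(fw: MeFirmware) -> str:
    """Classify a build: 'vulnerable', 'not_impacted', or 'unverified'.

    A pre-production build is never reported as clear on version alone:
    per the thread, such builds can still contain SA-00075 even in the
    11.7 branch, so the detection tool's verdict (or the OEM) is authoritative.
    """
    if sa00075_version_in_scope(fw.version):
        return "vulnerable"
    if not fw.production:
        return "unverified"
    return "not_impacted"


def amt_exposure_context(report: Dict[str, str]) -> Dict[str, str]:
    """Pull the fields a responder wants next to the verdict."""
    return {k: report.get(k, "?") for k in
            ("SKU", "Provisioning Mode", "Control Mode", "LMS service state")}


if __name__ == "__main__":
    report = parse_detection_report(SAMPLE_REPORT)
    print(amt_exposure_context(report))
    for fw in (MeFirmware("11.6.27.3264", True),   # constructed
               MeFirmware("11.7.0.1000", False),   # constructed pre-production
               MeFirmware("11.7.0.1000", True)):   # constructed production
        print(fw.version, "production" if fw.production else "pre-production", "->", assess(fw))
```

The useful property is the three-way result: a version-only check would call both 11.7 builds clear, whereas here only the production one is, which matches how Intel scopes the advisory in the reply above.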
Thank you for clarifying that the SA-00075 vulnerability will be resolved for the production release of the 11.7 code branch. Our development team will continue with the pre-production release until our product is released, and your developers may mark this as resolved.
Thanks and regards,