- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
As recently identified vulnerability issue with AMT vPro machines, I was trying to unprovision AMT using the "ACUConfigure.exe unconfigure", but fails because LMS service is not there in those machines, and tried doing unprovisioning it via BIOS but on all those machines default password 'admin' is not working, and in one machine I am getting "MEBx Login Error - Error applying new password", when it prompts for changing the password.
Here's the situation
- Machines which is AMT provisioned (Provision State=2), does not have LMS service, so when I run "ACUConfigure.exe unconfigure", it fails because of missing LMS service.
- On machines having LMS service, AMT provision state is not 2.
- Most of the machines having AMT provision state 2 are "DT research BU590", since "ACUConfigure.exe unconfigure" is not working, as LMS service is missing, tried unprovisioning it via BIOS, but default password is not working.
- One machine - Thinkpad 460 with provision state 2, getting error while trying to change the password.
Please let me know, how to unprovision AMT and remove / uninstall LMS.
Also please confirm, if Provision state is 0, then it is unprovisioned.
Thanks
Kabilan
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Kabi
Hi Kabilan,
Please try using the Unprovisioning tool located here:
https://downloadcenter.intel.com/download/26781/Intel-SA-00075-Unprovisioning-Tool https://downloadcenter.intel.com/download/26781/Intel-SA-00075-Unprovisioning-Tool
Let us know if this works for you.
Regards,
Michael
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have the same issue as Kabilan. I tried running the Unprovisioning Tool. I first ran the Discovery Tool on a machine and the Risk\Exposure status was 'Vulnerable\Exposed'. I then ran the Unprovisioning Tool and received a successfully unprovisioned message. I rebooted the computer and re-ran the Discovery Tool expecting to see that the computer was 'Not Vulnerable\Not Exposed' but it was still showing 'Vulnerable\Exposed'. I've included the log messages from these tools, any ideas?
Initial Discovery Tool Results:
<</span>System>
<</span>Application_Name>INTEL-SA-00075 Discovery Tool</</span>Application_Name> <</span>Application_Version>1.0.1.39</</span>Application_Version> <</span>Computer_Name>WCALABASL1</</span>Computer_Name> <</span>Scan_Date>5/26/2017 10:24:41 AM</</span>Scan_Date> - <</span>Hardware_Inventory> <</span>Computer_Manufacturer>Hewlett-Packard</</span>Computer_Manufacturer> <</span>Computer_Model>HP rp5800</</span>Computer_Model> <</span>Processor>Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz</</span>Processor></</span>Hardware_Inventory>
- <</span>ME_Firmware_Information> <</span>ME_Version>7.1.52.1176</</span>ME_Version> <</span>ME_SKU>Intel(R) Standard Manageability</</span>ME_SKU> <</span>ME_Provisioning_State>Provisioned</</span>ME_Provisioning_State> <</span>ME_Driver_Installed>True</</span>ME_Driver_Installed> <</span>ME_EHBC_Enabled>False</</span>ME_EHBC_Enabled> <</span>LMS_State>Running</</span>LMS_State> <</span>MicroLMS_State<span class...- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MichaelLambert
I can see where you would be concerned with the results of running the discovery tool. I've checked your system to see if it is vPro enabled and it is not. Without vPro, there is no AMT and hence, you are not exposed to this vulnerability:
http://ark.intel.com/products/53426/Intel-Core-i3-2120-Processor-3M-Cache-3_30-GHz Intel® Core™ i3-2120 Processor (3M Cache, 3.30 GHz) Product Specifications
Regards,
Michael
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the reply, Unprovisioning tool works, but it needs user interaction, do you have an enterprise wide solution.
And how to prevent AMT provisioning?, does AMT provisioning state switch from 0 to 2 automatically or under any specific circumstance?,
If a machine having LMS service but AMT is unprovisioned, is it vulnerable?
Thanks
Kabilan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Kabi
Hi Kabilan,
I know this response is very late. I seem to have missed this one and I apologize.
https://downloadcenter.intel.com/download/26755 Download INTEL-SA-00075 Detection and Mitigation Tool
The latest version has a silent installation option. You can see the syntax on page 3 of the .pdf included in the download.
And how to prevent AMT provisioning?, does AMT provisioning state switch from 0 to 2 automatically or under any specific circumstance?,
AMT provisioning does not switch state automatically.
If a machine having LMS service but AMT is unprovisioned, is it vulnerable?
The vulnerability on the system will not be fixed until the firmware has been updated.
Regards,
Michael
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Kabi
Hi Kabi,
Apologies, my response was incomplete...to answer your question about provision state = 0. This is "not provisioned"
Regards,
Michael

- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page