Updated Intel ME Firmware 16.1.32.2473 to intel i5-13500 processor

VARADHARAJAN · ‎08-22-2024

This Is just for Information to 13th generation processors users , using Windows 11 and Windows 10 os

I am using an Intel i5-13500 Raptor Lake S series processor.

Intel microcode 0x35

On 20th August 2024, Gigabyte Inc. released new bios firmware F18D.
Bios Developed date 15th July 2024
On 10th August 2024, I installed this Bios F18D on this Motherboard Gigabyte B760M DsS3H AX Rev1.2 with Intel i5-13500 Processor.
I am using Windows 11 23H2 Professional edition build no 222631.4037.

I installed 16.1.32.2473 on top of 16.1.32.2418

Intel CSME 10.0.1.0 version can be downloaded
https://www.intel.com/content/www/us/en/download/19392/intel-converged-security-and-management-engine-version-detection-tool-intel-csmevdt.html

I downloaded Intel ME firmware from the site below

[FIRMWARE] Intel ME (H610/B660/H670/Z690/B760/H770... - Republic of Gamers Forum - 861318 (asus.com)

Note::
1) Connect UPS to CPU and monitor.
2) Before flashing firmware, please get in touch with the motherboard manufacturer's technical support team and confirm you get the correct firmware only.
3) Flasing incorrect firmware to incompatible intel processors, the CPU might be bricked or the motherboard may be unusable or bricked.
4) I and the admin of https://www.station-drivers.com/ and the admin of https://community.intel.com/ are not responsible for any proper or improper damages caused by flashing

5) Use your own risk.

Thanking you

Varadharajan K

Dan0987 · ‎08-23-2024

Hi @VARADHARAJAN ,

Thank you for bringing this up. I was under the impression that Gigabyte updates the Intel ME firmware along with the BIOS update, so I didn't even bother to check.

Gigabyte motherboard users probably shouldn't have to rely on the community support, especially for such an important issue. Do you happen to know why Gigabyte is ignoring this issue? Have you contacted Gigabyte support?

VARADHARAJAN · ‎08-23-2024

Thanks for your reply.

Have a nice day

No, they won't update inteLME firmware with Bios firmware, every time a gigabyte releases new bios, after updating the bios, intel ME firmware resets to default 16.1.30.2264 firmware.

After updating every bios, I need to flash manually the latest available intel ME firmware, taking too much risk.

If you using a gigabyte with a 600 or 700 series motherboard, just check which ME firmware is embedded in your processor.

I also contacted support gigabyte regarding ME firmware with example stating Asus, MSI have updated intel ME firmware to their motherboard.

here is my question to gigabyte

Asus updates the Intel ME firmware version to all B760 motherboards. The latest intel ME firmware is 16.1.30.2307.But the Gigabyte B760M motherboard has 16.1.30.2264.So please update the bios with intel ME 16.1.30.2307.1. Release the latest Realtek audio driver.2. Release the latest intel graphics card driver2. Release the latest Nvidia graphics card driver for your gigabyte RTX cards.

Gigabyte replied to me

Thanks for your inquiry on Gigabyte Esupport.

Similar to Asus update logoFail UEFI vulnerabilities, Bios Bios F16 already updated this on bios F16.

The Asus ME version will not be exactly similar to GIgabyte.

So Gigabyte ignores the latest drivers too

I update the device drivers manually with those currently available on the internet all the drivers are digitally signed

Thanking you

Varadharajan K M.Sc Mathematics B.Ed

Dan0987 · ‎08-24-2024

Thanks @VARADHARAJAN

16.1.30.2264 here as well:

Intel(R) CSME Version Detection Tool
Copyright(C) 2017-2024, Intel Corporation, All rights reserved.

Application Version: 11.0.4.0

*** Host Computer Information ***
Manufacturer: Gigabyte Technology Co., Ltd.
Model: B660 AORUS MASTER DDR4
Processor Name: 13th Gen Intel(R) Core(TM) i5-13500
OS Version: Arch Linux (6.10.6-arch1-1)

*** Intel(R) ME Information ***
Engine: Intel(R) Converged Security and Management Engine
Version: 16.1.30.2264

*** Risk Assessment ***
Based on the analysis performed by this tool: This system is vulnerable.
Explanation:
  The detected version of the Intel(R) Converged Security and Management Engine firmware
  has a vulnerability listed in one or more of the public Security Advisories.
  Contact your system manufacturer for support and remediation of this system.

For more information refer to the Intel(R) CSME Version Detection Tool User Guide
or the related Intel Security Advisory list at:
https://www.intel.com/content/www/us/en/support/articles/000031784/technologies.html

Can we please have a comment from an @intel representative? Perhaps Intel should pressure Gigabyte to update Intel ME firmware more regularly, especially when it comes to fixing vulnerabilities?

VARADHARAJAN · ‎08-24-2024

@Dan0987 ,

Thanks for your reply and confirmation

Based on result, Your processor 13500 is vulnerable, so you need to update the latest Intel ME 16.1.32.2473 ( S & H) ( Latest)

13500 is a Raptor Lake S series processor, there are two types of firmware one for (LP) and the other for ( S & H ).

We need to download the correct firmware and flash it to the processor manually. Taking risk we need to do it unless Gigabyte updates intel ME through BIOS Firmware.

Please check What is your Processor CPUID? see in Bios

Also, check which microcode is updated in your motherboard after updating the latest bios firmware. see in bios and use Hwinfo64 software

16.1.30.2264 built-in processor, after this total of five versions are released

16.1.30.2307
16.1.30.2330
16.1.30.2367
16.1.32.2418
16.1.32.2473

My processor CpuID is B06F2

Intel Microcode is 0x35

Thanking you

Varadharajan K M.Sc Mathematics B.Ed

Dan0987 · ‎08-24-2024

Thanks, but firmware from an unofficial source seems to pose a greater risk than a vulnerability in the old firmware itself.

VARADHARAJAN · ‎08-24-2024

@Dan0987 ,

Thanks for your reply.

What's the intel-microcode version that is updated to your processor? Please confirm

Dan0987 · ‎08-24-2024

0x35 as well (20240813 Release)

selected microcodes:
  042/001: sig 0x000b06f2, pf_mask 0x07, 2023-12-05, rev 0x0035, size 224256
  042/001: sig 0x000b06f5, pf_mask 0x07, 2023-12-05, rev 0x0035, size 224256

VARADHARAJAN · ‎08-24-2024

@Dan0987 ,

Thanks for your reply. We received the same microcode 0x35, which means 0x125 and 0x129 are not applicable right