Processors
Intel® Processors, Tools, and Utilities
14499 Discussions

Intel-SA-00086 Detection Tool / Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz

UMath
Beginner
‎02-07-2019 04:12 PM
2,965 Views

I downloaded the Intel-SA-00086 detection tool for diagnostics. It indicates:

INTEL-SA-00086 Detection Tool Copyright(C) 2017-2018, Intel Corporation, All rights reserved.   Application Version: 1.2.7.0 Scan date: 2019-02-03 08:02:28 GMT   *** Host Computer Information *** Name: debian Manufacturer: CLEVO CO. Model: W55xEU Processor Name: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz OS Version: debian 9.7 (4.9.0-8-amd64)   *** Intel(R) ME Information *** Engine: Intel(R) Management Engine Version: 8.1.0.1265 SVN: 0   *** Risk Assessment *** Based on the analysis performed by this tool: This system is vulnerable. Explanation: The detected version of the Intel(R) Management Engine firmware is considered vulnerable for INTEL-SA-00086.   Contact your system manufacturer for support and remediation of this system.   For more information refer to the INTEL-SA-00086 Detection Tool Guide or the Intel Security Advisory Intel-SA-00086 at the following link: https://www.intel.com/sa-00086-support

The tool indicates: This system is vulnerable.

 

The intel download center has no update for the intel management engine for an Intel Core i5-3210M processor.

 

https://downloadcenter.intel.com/product/67355/Intel-Core-i5-3210M-Processor-3M-Cache-up-to-3-10-GHz-rPGA

 

My questions:

 

Is the result of intel-sa-00086-tool wrong?

 

Or is it right. But there is no update for Intel's Manegement Engine for this processor (Intel Core i5-3210M). This system remains vulnerable?

 

Thank you in advance for your reply!

 

0 Kudos

Link Copied

1 Reply
n_scott_pearson
Super User
‎02-07-2019 08:33 PM
2,067 Views

No, the tool is not wrong. The issue is that, due to differences in firmware (including BIOS) implementations (and especially flash (firmware hub) organization), Management Engine updates must be customized by the OEM/ODM who implemented your motherboard/laptop. Whether this firmware is delivered as a standalone update package or is integrated into a BIOS update package is dependent upon their implementation. Bottom line, you must contact the OEM/ODM who built your motherboard/laptop and get the update through them.

 

Ok, getting up on my soapbox.

Unfortunately, for older designs such as yours, many of the OEMs/ODMs are refusing to provide these updates. There is nothing further that Intel can do regarding these decisions. Intel asked the OEMs/ODMs to support these efforts but, since it costs them money to do so, the frigging slime buckets are refusing to do so. If this turns out to be the case with your OEM/ODM, perhaps this should factored into your subsequent purchase decisions. Warranties shorter than 3 years and BIOS maintenance periods (at least for security issues) shorter than 6 years should be considered completely unacceptable.

Down off my soapbox now.

 

Hope this helps,

...S

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.