Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Beginner
1,067 Views

Intel-SA-00086 Detection Tool / Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz

I downloaded the Intel-SA-00086 detection tool for diagnostics. It indicates:

INTEL-SA-00086 Detection Tool Copyright(C) 2017-2018, Intel Corporation, All rights reserved.   Application Version: 1.2.7.0 Scan date: 2019-02-03 08:02:28 GMT   *** Host Computer Information *** Name: debian Manufacturer: CLEVO CO. Model: W55xEU Processor Name: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz OS Version: debian 9.7 (4.9.0-8-amd64)   *** Intel(R) ME Information *** Engine: Intel(R) Management Engine Version: 8.1.0.1265 SVN: 0   *** Risk Assessment *** Based on the analysis performed by this tool: This system is vulnerable. Explanation: The detected version of the Intel(R) Management Engine firmware is considered vulnerable for INTEL-SA-00086.   Contact your system manufacturer for support and remediation of this system.   For more information refer to the INTEL-SA-00086 Detection Tool Guide or the Intel Security Advisory Intel-SA-00086 at the following link: https://www.intel.com/sa-00086-support

The tool indicates: This system is vulnerable.

 

The intel download center has no update for the intel management engine for an Intel Core i5-3210M processor.

 

https://downloadcenter.intel.com/product/67355/Intel-Core-i5-3210M-Processor-3M-Cache-up-to-3-10-GHz...

 

My questions:

 

Is the result of intel-sa-00086-tool wrong?

 

Or is it right. But there is no update for Intel's Manegement Engine for this processor (Intel Core i5-3210M). This system remains vulnerable?

 

Thank you in advance for your reply!

 

0 Kudos
1 Reply
Highlighted
Super User Retired Employee
169 Views

No, the tool is not wrong. The issue is that, due to differences in firmware (including BIOS) implementations (and especially flash (firmware hub) organization), Management Engine updates must be customized by the OEM/ODM who implemented your motherboard/laptop. Whether this firmware is delivered as a standalone update package or is integrated into a BIOS update package is dependent upon their implementation. Bottom line, you must contact the OEM/ODM who built your motherboard/laptop and get the update through them.

 

Ok, getting up on my soapbox.

Unfortunately, for older designs such as yours, many of the OEMs/ODMs are refusing to provide these updates. There is nothing further that Intel can do regarding these decisions. Intel asked the OEMs/ODMs to support these efforts but, since it costs them money to do so, the frigging slime buckets are refusing to do so. If this turns out to be the case with your OEM/ODM, perhaps this should factored into your subsequent purchase decisions. Warranties shorter than 3 years and BIOS maintenance periods (at least for security issues) shorter than 6 years should be considered completely unacceptable.

Down off my soapbox now.

 

Hope this helps,

...S

0 Kudos