Processors
Intel® Processors, Tools, and Utilities
14509 Discussions

Intel-SA-00086 not updating

RCask
Beginner
‎05-30-2018 09:54 PM
1,679 Views
Solved Jump to solution

Good afternoon,

I am currently working with my company to fix multiple machines with the Intel-SA-00086 vulnerability. We appear to be having success with HP model machines where the update is installed and then the detection tool reports back that the system is no longer vulnerable and has been patched. With Dell machines we are not having as much luck. We have currently tried a few Dell Optiplex 7010s and a few Dell Latitude E6530s. We have installed the Management Engine firmware update, but it appears the tool still sees the old firmware. I have uploaded some pictures of the tool output and what is in the registry on the computer.

For the registry picture I am looking at the ME key values located at: HKLM\SOFTWARE\WOW6432Node\Intel\ME

Is there any way that we can get an explanation of where exactly the tool is looking to find out if the machine is vulnerable? I have searched but don't find any documentation other than the user guide that only explains how to run the tool. Any assistance would be appreciated.

Preview file
42 KB
Preview file
8 KB
0 Kudos
1 Solution
RCask
Beginner
‎05-30-2018 11:49 PM
675 Views
Solved Jump to solution

After some more testing it appears that that the Dell machines require the full BIOS update. The only Management Engine update did not work. Once the BIOS update was installed, the detection tool came back green that the system was no longer vulnerable.

View solution in original post

0 Kudos
Copy link

Link Copied

2 Replies
RCask
Beginner
‎05-30-2018 11:49 PM
676 Views
Solved Jump to solution

After some more testing it appears that that the Dell machines require the full BIOS update. The only Management Engine update did not work. Once the BIOS update was installed, the detection tool came back green that the system was no longer vulnerable.

0 Kudos
Copy link
n_scott_pearson
Super User
‎05-31-2018 12:04 PM
675 Views
Solved Jump to solution
In response to RCask

In general, each board/system vendor is going to release the update in one of two ways, (1) as part of a full F/W update (BIOS package), or (2) as a standalone ME F/W update. Method # 1 will likely be more common. Regardless, you will need to analyze each vendor separately to determine which update method is being supported.

...S

In response to RCask
0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.