Community
cancel
Showing results for 
Search instead for 
Did you mean: 
RCask
Beginner
1,159 Views

Intel-SA-00086 not updating

Jump to solution

Good afternoon,

I am currently working with my company to fix multiple machines with the Intel-SA-00086 vulnerability. We appear to be having success with HP model machines where the update is installed and then the detection tool reports back that the system is no longer vulnerable and has been patched. With Dell machines we are not having as much luck. We have currently tried a few Dell Optiplex 7010s and a few Dell Latitude E6530s. We have installed the Management Engine firmware update, but it appears the tool still sees the old firmware. I have uploaded some pictures of the tool output and what is in the registry on the computer.

For the registry picture I am looking at the ME key values located at: HKLM\SOFTWARE\WOW6432Node\Intel\ME

Is there any way that we can get an explanation of where exactly the tool is looking to find out if the machine is vulnerable? I have searched but don't find any documentation other than the user guide that only explains how to run the tool. Any assistance would be appreciated.

0 Kudos
1 Solution
RCask
Beginner
155 Views

After some more testing it appears that that the Dell machines require the full BIOS update. The only Management Engine update did not work. Once the BIOS update was installed, the detection tool came back green that the system was no longer vulnerable.

View solution in original post

2 Replies
RCask
Beginner
156 Views

After some more testing it appears that that the Dell machines require the full BIOS update. The only Management Engine update did not work. Once the BIOS update was installed, the detection tool came back green that the system was no longer vulnerable.

View solution in original post

n_scott_pearson
Super User Retired Employee
155 Views

In general, each board/system vendor is going to release the update in one of two ways, (1) as part of a full F/W update (BIOS package), or (2) as a standalone ME F/W update. Method # 1 will likely be more common. Regardless, you will need to analyze each vendor separately to determine which update method is being supported.

...S

Reply