- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good afternoon,
I am currently working with my company to fix multiple machines with the Intel-SA-00086 vulnerability. We appear to be having success with HP model machines where the update is installed and then the detection tool reports back that the system is no longer vulnerable and has been patched. With Dell machines we are not having as much luck. We have currently tried a few Dell Optiplex 7010s and a few Dell Latitude E6530s. We have installed the Management Engine firmware update, but it appears the tool still sees the old firmware. I have uploaded some pictures of the tool output and what is in the registry on the computer.
For the registry picture I am looking at the ME key values located at: HKLM\SOFTWARE\WOW6432Node\Intel\ME
Is there any way that we can get an explanation of where exactly the tool is looking to find out if the machine is vulnerable? I have searched but don't find any documentation other than the user guide that only explains how to run the tool. Any assistance would be appreciated.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After some more testing it appears that that the Dell machines require the full BIOS update. The only Management Engine update did not work. Once the BIOS update was installed, the detection tool came back green that the system was no longer vulnerable.
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
After some more testing it appears that that the Dell machines require the full BIOS update. The only Management Engine update did not work. Once the BIOS update was installed, the detection tool came back green that the system was no longer vulnerable.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In general, each board/system vendor is going to release the update in one of two ways, (1) as part of a full F/W update (BIOS package), or (2) as a standalone ME F/W update. Method # 1 will likely be more common. Regardless, you will need to analyze each vendor separately to determine which update method is being supported.
...S
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page