Hello,

I have a Skylake i7-6700k with an Asus MAXIMUS VIII HERO (z170 motherboard). I've been trying to upgrade my Intel management engine but I've run into a problem which seems to be related to management engine itself.

I've installed the intel management engine interface drivers with no issue (11.7.0.1040) as far as I can tell.

I've ran the SA00086 tool from Intel that can be downloaded from here: https://downloadcenter.intel.com/download/27150 Intel-SA-00086 Detection Tool

It reports my system as vulnerable:

Processor Name: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz

OS Version: Microsoft Windows 10 Pro

Engine: Intel(R) Management Engine

Version: 11.0.0.1163

SVN: 1

I have downloaded the tool (http://dlcdnet.asus.com/pub/ASUS/mb/LGA1151/Z170-A/MEUpdateTool_UI_20171103_TP.zip http://dlcdnet.asus.com/pub/ASUS/mb/LGA1151/Z170-A/MEUpdateTool_UI_20171103_TP.zip ) from Asus for my motherboard for updating ME firmware (it uses FWUpdLcl64.exe from Intel), but when running it, it encounters an error:

Intel (R) Firmware Update Utility Version: 11.8.50.3399

Copyright (C) 2007 - 2017, Intel Corporation. All rights reserved.

Communication Mode: MEI

Error 8719: Firmware update cannot be initiated because Local Firmware update is disabled

It seems like my management engine is locked down somehow from being updated. There's no options in my UEFI/BIOS related to management engine.

Here's the output from MEInfoWin.exe:

Intel(R) MEInfo Version: 11.8.50.3416

Copyright(C) 2005 - 2017, Intel Corporation. All rights reserved.

Intel(R) ME code versions:

BIOS Version 3504

MEBx Version 0.0.0.0000

GbE Version 0.7

Vendor ID 8086

PCH Version 31

FW Version 11.0.0.1163 H

Security Version (SVN) 1

LMS Version Not Available

MEI Driver Version 11.7.0.1040

Wireless Hardware Version Not Available

Wireless Driver Version Not Available

FW Capabilities 0x11111D40

Intel(R) Capability Licensing Service - PRESENT/ENABLED

Protect Audio Video Path - PRESENT/ENABLED

Intel(R) Dynamic Application Loader - PRESENT/ENABLED

Re-key needed False

Platform is re-key capable True

TLS Disabled

Last ME reset reason Firmware reset

Local FWUpdate Disabled

BIOS Config Lock Enabled

GbE Config Lock Enabled

Host Read Access to ME Enabled

Host Write Access to ME Disabled

Host Read Access to EC Disabled

Host Write Access to EC Disabled

SPI Flash ID 1 EF4018

SPI Flash ID 2 Unknown

BIOS boot State Post Boot

OEM ID 00000000-0000-0000-0000-000000000000

Capability Licensing Service Enabled

OEM Tag 0x00000000

Slot 1 Board Manufacturer 0x00000000

Slot 2 System Assembler 0x00000000

Slot 3 Reserved 0x00000000

M3 Autotest Disabled

C-link Status Disabled

Independent Firmware Recovery Disabled

EPID Group ID 0xF87

LSPCON Ports None

5K Ports None

OEM Public Key Hash FPF 0000000000000000000000000000000000000000000000000000000000000000

OEM Public Key Hash ME 0000000000000000000000000000000000000000000000000000000000000000

ACM SVN FPF 0x0

KM SVN FPF 0x0

BSMM SVN FPF 0x0

GuC Encryption Key FPF 0000000000000000000000000000000000000000000000000000000000000000

GuC Encryption Key ME 0000000000000000000000000000000000000000000000000000000000000000

FPF ME

--- --

Force Boot Guard ACM Disabled Disabled

Protect BIOS Environment Disabled Disabled

CPU Debugging Enabled Enabled

BSP Initialization Enabled Enabled

Measured Boot Disabled Disabled

Verified Boot Disabled Disabled

Key Manifest ID 0x0 0x0

Enforcement Policy 0x0 0x0

I noticed that "Local FWUpdate" is set to Disabled. How can I enable this flag to upgrade my old firmware?

Would really appreciate some help on this matter. Thanks!