Processors
Intel® Processors, Tools, and Utilities
14794 Discussions

OpenSSL vulnerability in icls driver version 1.71.99.0

MaximvL
Beginner
4,936 Views

According to Microsoft Defender, the icls driver installed on 80% of our devices uses OpenSSL version 3.0.12. This version has known vulnerabilities.

The driverversion is 1.71.99.0 which is the latest from Windows Update and also the lastest I can find on the Intel-site (https://www.intel.com/content/www/us/en/download/682431/intel-management-engine-drivers-for-windows-10-and-windows-11.html?wapkw=intel%20r%20icss%20client).

Is there  a newer version which I missed? If not, when can we expect an updated driverpackage?

0 Kudos
7 Replies
ACarmona_Intel
Moderator
4,783 Views

Hello MaximvL,


Thank you for posting in our communities. 


I will raise the case with our engineers so they can provide us with the correct information.


I'll post the response to this thread here once it is available.

 

Thank you for your patience and understanding! 



Best regards, 

Carmona A.

Intel Customer Support Technician


0 Kudos
ACarmona_Intel
Moderator
4,299 Views

Hello MaximvL,


Thank you so much for patiently waiting on our response.


In order to delve deeper into this issue, we would like to ask about the specific make and model of your system, as well as your processor model.


Additionally, if you wish to report any security vulnerabilities related to Intel® products, we encourage you to check out our article titled 'How Do I Report Security and Vulnerability Issues Related to Intel® Products?' for detailed guidance.

 

We look forward to your response!


Best regards,

Carmona A.

Intel Customer Support Technician


0 Kudos
ACarmona_Intel
Moderator
3,102 Views

Hello MaximvL,


We are checking in with you to see if you already have the answers to our questions so we can further isolate our issue.


Thank you, and have a great day!


Best regards,

Carmona A.

Intel Customer Support Technician


0 Kudos
MaximvL
Beginner
3,082 Views

Carmona,

 

We have dozens of models with this issue. p.e. Dell Latitude 5540 13th Gen Intel(R) Core(TM) i5-1335U

I will send a mail as detailed in the link you send.

0 Kudos
ACarmona_Intel
Moderator
2,935 Views

Hello MaximvL,


Thank you so much for providing us with the details that we have requested. It is highly noted.


Yes, please do send an email using the link that we have provided so the right team can provide you with appropriate assistance regarding the security and vulnerability related to our Intel products.


By the way, I will now raise the case again with our engineers so they can thoroughly investigate the issue and provide us with a recommendation.


I will get back to you as soon as I have our engineers response.


Again, thank you so much for your patience. 



Best regards,

Carmona A.

Intel Customer Support Technician


0 Kudos
Account2241
Beginner
2,613 Views

Same issue here with several hundred Microsoft Surface Laptop and Surface Pro devices.

 

Specifically, the vulnerability is with the below files under folder c:\windows\system32\driverstore\filerepository\ that are part of the Intel ICLS driver packages installed on these devices:

 

libssl-1_1-x64.dll

libcrypto-1_1-x64.dll

libssl-3-x64.dll

libcrypto-3-x64.dll

 

Many devices have two versions of the Intel ICLS drivers within c:\windows\system32\driverstore\filerepository\ - one version with OpenSSL 1.1.1.0 DLLs and another with version OpenSSL 3.0.11.0 DLLs.

 

Installing the current Intel ME driver package using the installer linked in original post does not uninstall the old versions. There is also no entry in Add/Remove Programs to uninstall the older versions of ICLS.

 

What is the recommended method for removing old versions of Intel ICLS drivers from multiple devices?

0 Kudos
ACarmona_Intel
Moderator
2,421 Views

Hello MaximvL,


Thank you for patiently waiting on our response.


Please continue to contact the Intel Product Security Incident Response Team for your concern; they will provide you with the appropriate recommendation that you need.


You may use this thread as a reference once you have contacted them.


By the way, we will now be closing this case. For additional information, please submit a new question, as this thread will no longer be monitored.

 


Best regards,

Carmona A.

Intel Customer Support Technician


0 Kudos
Reply