INTEL-SA-00075 vulnerability - General Hardware - Laptop - Dell Community

INTEL-SA-00075 vulnerability

Laptop

Laptop
Laptop computer Forums (Audio, General Hardware, Video)

INTEL-SA-00075 vulnerability

This question has been answered by ejn63

 INTEL-SA-00075 Discovery Tool says my computer with intel vpro is vulnerable. Says contact manufacturer for firmware update.

Verified Answer
  • Since you're not using AMT, there's nothing to worry about.

All Replies
  • No one's going to be able to reply to a cryptic one-line post.

    What model?  What OS?  Are you actively using AMT?

  • Dell Latitude E 6420 model.

    came with Win 7 professional. I upgraded to Win 10.

    Risk Assessment

    Based on the version of the ME, the System is Vulnerable.

    If Vulnerable, contact your OEM for support and remediation of this system.

    For more information, refer to CVE-2017-5689 at: nvd.nist.gov/.../CVE-2017-5689 or the Intel security advisory Intel-SA-00075 at: security-center.intel.com/advisory.aspx

    INTEL-SA-00075 Discovery Tool GUI Version

    Application Version: 1.0.1.6

    Scan date: 19-05-2017 19:07:10

    Host Computer Information

    Name: DELL-PC

    Manufacturer: Dell Inc.

    Model: Latitude E6420

    Processor Name: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz

    Windows Version: Microsoft Windows 10 Pro

    ME Information

    Version: 7.1.70.1198

    SKU: Intel(R) Full AMT Manageability

    State: Not Provisioned

    Driver installation found: True

    EHBC Enabled: False

    LMS service state: NotPresent

    microLMS service state: NotPresent

  • Since you're not using AMT, there's nothing to worry about.

  • Thank you. How to determine that I am not using that? When intel discovery tool says "Vulnerable".

  • "not provisioned" means it's not being used.  If you're worried about it, uninstall the AMT driver -- that will fix it permanently (or until Dell releases a patched driver).

  • When I was asking about this a while ago regarding my XPS 15 9550 which also tested positive with this tools for some reason, I also got very similar categorical denial from Dell at this forum. However, a few days later the BIOS update to 1.2.25 appeared on Dell support site, declaring a fix to the Management Engine.

    I understand the most acute part of this vulnerabilty is indeed with AMT, a component of Intel vPro which is mostly included only with server- and workstation-grade Intel processors. Because it allowed connection without the password! But that a related update was also made to the thinner Management Engine, which is in practically all Intel chipsets since about 2008. The BIOS does provide for certain background administration functionality, but I haven't configured it. I guess the Intel windows LMT service interfacing the ME also needs an associated update.    

    Funnily, after the BIOS update the Intel tool still found my laptop VULNERABLE, "based on the version of the ME". However, updating the tool to its most recent version 1.0.1.39 resulted in Not Vulnerable status.

  • Yes, vulnerable until you can get a BIOS update from Dell. This is a chip on the main board and is active even when powered down, bypasses the OS. On boot up you can access the MEBx panel but you mainly only disable your access to it. Dwld the manual first. The password is admin.  New PWD mus be 8-12 char incl digit, cap and a !$   More info www.ssh.com/.../

    In the meantime you can block ports block ports 16992, 16993, 16994, 16995, 623, 664 on your router.