PDA

View Full Version : G752VY. Vulnerability Intel(R) Management Engine firmware for INTEL-SA-00086



Gustave
11-24-2017, 07:36 AM
Hello All,

Searching for information I stumbled upon this info regarding a vulnerability in the IMEI firmware that could give hackers acces to your (G752VY and probably other types as well) notebook. I thought to let you know. How severe this is, I don't know.

Summary: In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of our Intel® Management Engine (ME), Intel® Server Platform Services (SPS), and Intel® Trusted Execution Engine (TXE) with the objective of enhancing firmware resilience.
As a result, Intel has identified security vulnerabilities that could potentially place impacted platforms at risk.

Description: In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience.
As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted.

Affected products:



6th, 7th & 8th Generation Intel® Core™ Processor Family
Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
Intel® Xeon® Processor Scalable Family
Intel® Xeon® Processor W Family
Intel® Atom® C3000 Processor Family
Apollo Lake Intel® Atom Processor E3900 series
Apollo Lake Intel® Pentium™
Celeron™ N and J series Processors

Based on the items identified through the comprehensive security review, an attacker could gain unauthorized access to platform, Intel® ME feature, and 3rd party secrets protected by the Intel® Management Engine (ME), Intel® Server Platform Service (SPS), or Intel® Trusted Execution Engine (TXE).
This includes scenarios where a successful attacker could:


Impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity.
Load and execute arbitrary code outside the visibility of the user and operating system.
Cause a system crash or system instability.
For more information, please see this Intel Support article (http://www.intel.com/SA-00086-Support)

If the INTEL-SA-00086 Detection Tool reported your system being vulnerable, please check with your system manufacturer for updated firmware. Links to system manufacturer pages concerning this issue can be found at http://www.intel.com/sa-00086-support.
If you need further assistance, contact Customer Support (https://www.intel.com/supporttickets)to submit an online service request.

Intel has released a downloadable detection tool located at http://www.intel.com/sa-00086-support , which will analyze your system for the vulnerabilities identified in this security advisory.

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

Regards.

Loaded Glove
11-24-2017, 08:23 AM
I have the Maximus Hero VIII, what is the oldest bios version/mei firmware version that is exempt from this threat? If you can link it from the download page, that would be super helpful and thanks in advance for any guidance anyone can provide. My current bios is old (version 2001) and I used the tool to discover that I am currently vulnerable.

Mechmaniac
11-24-2017, 03:10 PM
My last thread on General Discussion was closed with no valid reason, so I'll follow this...

JustinThyme
11-24-2017, 04:45 PM
This is not just the G752VY. This is across multiple platforms

Proper link for detection tool instead of previous digging through several pages to find a link that takes you to another page to pilfer through to find another link that takes you where you need to be. This link is where you need to be. Download and run the tool and it will tell you if you are vulnerable which pretty much........All intel machines are.

https://downloadcenter.intel.com/download/27150

meowmeowmeow
11-24-2017, 05:12 PM
Still waiting for ASUS to provide an update.
They didn't provide an update for the issue earlier this year.
And if they provide an update this time either, it may be time to go the legal route of forcing ASUS by EU rules regarding defects that's been there since the start.

Loaded Glove
11-24-2017, 06:20 PM
I said in my post I already used the tool and confirmed I have an older firmare version for the mei that IS vulnerable to exploitation. I will ask again since it was glazed over... for the Maximus Hero VIII, which bios can I use which has an MEI firmware version that is NOT vulnerable? Is 3504 new enough, could I use an earlier version?

Falkentyne
11-24-2017, 11:37 PM
You can patch manually, but make sure you read the disclaimers. Most laptops and desktops with current firmwares can be updated to the latest one but don't assume there is no risk. Read the disclaimers and do it at your own risk.

https://www.win-raid.com/t596f39-Intel-Management-Engine-Drivers-Firmware-amp-System-Tools.html

I updated my GT73VR laptop manually with this successfully (H firmware) to go to 11.8.50.3425 (100/200/300 series Kaby Lake) and the flash tool to flash the BIN, and now I am protected and patched, but don't yell at me if it bricks your system.

Loaded Glove
11-25-2017, 12:44 AM
I have almost updated my bios many times this year, but procrastinated because I am of the school of thought where if it ain't broke, don't fix it. Even with drivers like graphics card drivers especially, I won't get the newest if whatever 1 I have installed has no issues with any games I'm playing. Generally I only update things if I have no choice or if I run into an issue that a newer driver or firmware might fix.

Gustave
11-28-2017, 12:01 PM
About this INTEL-SA-00086 vulnerability: I contacted Asus and they replied that the issue is under investigation and they expect to release an update in Januari 2018.

For the G752VY it can be found on its support website:

https://www.asus.com/ROG-Republic-Of-Gamers/ROG-G752VY/HelpDesk_Download/

There will also be an automatic update through Asus Live Update.

http://dlcdnet.asus.com/pub/ASUS/nb/UX303UB/ASUS_LiveUpdate_343.zip