Intel Management Engine (ME) Security Hole - ASUS ROG G752VS-XS74K



The_Guru
11-26-2017, 06:34 AM
So I've waited a couple days. Still no update provided by ASUS on the support page for this major hole. Anyone know the status?

Clintlgm
11-26-2017, 06:55 AM
First I've heard of it. What is this security hole you speak of?

The_Guru
12-05-2017, 01:12 PM
This one. Still nothing even in ASUS's latest news release.
http://www.techradar.com/news/did-intel-leave-a-huge-security-hole-in-your-brand-new-pc
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
https://www.win-raid.com/t596f39-Intel-Management-Engine-Drivers-Firmware-amp-System-Tools.html

Detection tool:
https://downloadcenter.intel.com/download/27150

Clintlgm
12-05-2017, 07:24 PM
What I'm reading here is that Intel has a major issue. Asus would be waiting on Intel to solve this issue and patch or firmware update etc., whatever it will take to solve the issue. It doesn't seem like an Asus issue to me, and that would be the reason we're not hearing about it from Asus, since they would need the firmware update from Intel to solve this issue?

xeromist
12-05-2017, 08:31 PM
There's an announcement from a few days ago:
https://www.asus.com/News/q5R9EixxfAqo1anZ

EDIT: appears the 752s have now been added. Please visit the link for the update tool.

Clintlgm
12-05-2017, 08:54 PM
Thanks for the update xeromist, I wonder if that is good or bad that we are not listed. My guess is the G Series are much more complicated and might take a little longer to implement?

The_Guru
12-10-2017, 09:59 AM
All I know for sure is that we ARE affected. All you need to do is use Intel's own detection tool and even look at your CPU model number. I find it odd DELL and other OEMs can release all of theirs but ASUS can't or that they simply don't deem their gaming line worthy of their attention.

Gps3dx
12-10-2017, 02:44 PM
I find it odd DELL and other OEMs can release all of theirs but ASUS can't or that they simply don't deem their gaming line worthy of their attention.

Oh... well... it isn't new news... it's a policy - and that's my opinion after my last RMA.
IMHO and from my own experience, Asus's DNA (https://www.asus.com/us/About_ASUS/ASUS_DNA/), in terms of "service experience" for the G-series - is altered and twisted at its root nucleotides.

IMHO, instead of wasting millions of USD on marketing world-wide, pre-sale - they should invest their capital into the after-market experience for their clients.
But no... that's not Asus's way... - right Mr. Bahz @Asus?

xeromist
12-10-2017, 10:42 PM
right Mr. Bahz @Asus?

Bahz no longer works for ASUS so I don't think you'll be getting an answer from him.

OnePiece@ASUS
12-13-2017, 06:46 AM
Please refer to the following message.
https://www.asus.com/News/q5R9EixxfAqo1anZ
Thank you for your patience.

The_Guru
12-21-2017, 10:23 AM
It's still not listed despite being affected...

zvober
12-21-2017, 12:07 PM
From my point of view, it is unacceptable for an expensive high-performance Asus ROG G752VS laptop that:

1)
for such a long time the ELAN touchpad doesn't work OK in Windows, and doesn't work at all in Linux

[3.250831] i2c_hid i2c-ELAN1203:00: i2c-ELAN1203:00 supply vdd not found, using dummy regulator
[3.287631] hid-multitouch 0018:04F3:3043.0007: Ignoring the extra HID_DG_INPUTMODE
[3.287673] input: ELAN1203:00 04F3:3043 Touchpad as /devices/pci0000:00/0000:00:15.1/i2c_designware.1/i2c-2/i2c-ELAN1203:00/0018:04F3:3043.0007/input/input16
[3.287754] hid-multitouch 0018:04F3:3043.0007: input,hidraw6: I2C HID v1.00 Mouse [ELAN1203:00 04F3:3043] on i2c-ELAN1203:00

even if someone made an alternative touchpad firmware that fixes the problem both in Windows and Linux
https://rog.asus.com/forum/showthread.php?93405-G-752-VS-Touchpad-Gesture-Fix

2)
within BIOS settings no option exists to disable "USB charging"

3)
within BIOS settings no option exists to disable Intel Management Engine.

28 August 2017, Mark Ermolov and Maxim Goryachy
Intel Management Engine is a proprietary technology that consists of a microcontroller integrated into the Platform Controller Hub (PCH) chip and a set of built-in peripherals. The PCH carries almost all communication between the processor and external devices; therefore Intel ME has access to almost all data on the computer. The ability to execute third-party code on Intel ME would allow for a complete compromise of the platform.
After unpacking the executable modules, our research team proceeded to examine the software and hardware internals of Intel ME.
A large number of XML files contain a lot of interesting information: the structure of ME firmware and description of the PCH strap, as well as special configuration bits for various subsystems integrated into the PCH chip. One of the fields, called "reserve_hap", drew our attention because there was a comment next to it: "High Assurance Platform (HAP) enable". Googling did not take long. The second search result said that the name belongs to a trusted platform program linked to the U.S. National Security Agency (NSA).

While we are waiting for Asus's announced reaction, here's another type of approach to handling this most probably NSA back door:

- following the recent Intel Management Engine (ME) vulnerabilities combined with some engineering work the past few months on their end, System76 will begin disabling ME on their laptops;

- Purism has announced today (19 October 2017) all laptops to be shipping from their company will now have the Intel Management Engine (ME) disabled;

- Linux world: via an open-source, third-party tool called me_cleaner, it's now possible to disable & strip down Intel's ME blob.

danmaku
01-06-2018, 06:46 AM
Has anyone spoken with ASUS directly? The news article still does not mention the G752 model

I wonder if it's been orphaned

EDIT: The G752VS is compatible with the firmware update posted despite not being listed (the G752VSK is listed instead). I ran Intel's tool and it confirmed that the patch did its job.

Rentard
01-06-2018, 04:22 PM
Best keep flooding their support about it. That's damn scummy.

Rentard
01-08-2018, 01:11 PM
support says:


Thank you again for contacting ASUS Technical Support, I appreciate you taking the time to respond to our previous email.

I do realize your unit is not in the list, however, this is an ongoing development. I recommend checking back within a week or so to see if there is any further update regarding your unit.

I hope this information was helpful, thank you again for your patience in handling this challenge.


Regarding disabling ME:

Intel ME is used for DRM like Netflix. This is why scumbag manufacturers don't give us the option to disable it. They cannot conceive that someone does not need nor want DRM. Personally I want the option to disable it; I won't use any site or service that is hostile to owning your own machine, like Android bank apps or DRM-using services or games.

christian86
01-09-2018, 01:17 AM
There is already a Firmware Update for various G752 to close the security hole.

You can find it here under "driver&tools" and then select "others" for the OS selection: https://www.asus.com/us/ROG-Republic-Of-Gamers/ROG-G752VT/HelpDesk_Download/

I have already installed it for the G752VT. You can find it for other models like the G752VS under the same section.

Rentard
01-09-2018, 01:33 PM
There is no G752VM update still.

warryabel
01-09-2018, 01:38 PM
Will the microcode update be available for the G751 series?

winyl
01-09-2018, 08:56 PM
There's an announcement from a few days ago but the 752 isn't on it:
https://www.asus.com/News/q5R9EixxfAqo1anZ

Well it is there. Just search for it ;).

xeromist
01-09-2018, 09:47 PM
Well it is there. Just search for it ;).

Yup, it appears the 752's have been added since I posted that link. I'll update my post.

xeromist
01-09-2018, 09:49 PM
There is no G752VM update still.

Appears to be listed now.

BogdanCiulei
01-10-2018, 09:03 PM
Any fix for G752VS or this model was so crap that Asus gave up on it and the customers who bought it ?

Mattersbro
01-10-2018, 09:18 PM
Hello @OnePiece@Asus,

I have a question regarding the Intel Management Engine security vulnerability.

In December 2017 Asus made a statement: https://www.asus.com/us/support/FAQ/1034961/

In this FAQ statement from Asus, I fail to see my motherboard on the list (P8 Z77-V) to receive a security update regarding the Intel Management Engine flaw.
But the P8 Z77-V motherboard uses IME version 11.0, which, according to the Intel and Asus statements, is considered vulnerable. And Intel support says the motherboard manufacturer has to be addressed.

Is the P8Z77-V motherboard not going to receive the security patch for Intel Management Engine?
Regards
Mattersbro

xeromist
01-11-2018, 12:23 AM
Any fix for G752VS or this model was so crap that Asus gave up on it and the customers who bought it ?

Appears to be listed as G752VSK but a poster earlier in this thread said it worked for his VS so give it a go.

danmaku
01-11-2018, 01:18 AM
Any fix for G752VS or this model was so crap that Asus gave up on it and the customers who bought it ?

The Intel ME firmware fix for the VSK works for the VS as well, despite not being listed. Give it a shot and verify using Intel's detection tool.

Are all G752VS's just busted or something? The first one I had to RMA due to random shutting down issues when I played games. My current one can't boot from sleep properly half the time (also having boot up issues where it will boot but hang during loading windows and just display a black screen until I press the power button again, at which point it loads windows) and the audio port heats up when I put the computer to sleep. I had a great experience with my G751JT. I'm wondering if I should keep this and accept this computer's problems or roll the dice again with another replacement.

BogdanCiulei
01-11-2018, 09:53 AM
The Intel ME firmware fix for the VSK works for the VS as well, despite not being listed. Give it a shot and verify using Intel's detection tool.

Are all G752VS's just busted or something? The first one I had to RMA due to random shutting down issues when I played games. My current one can't boot from sleep properly half the time (also having boot up issues where it will boot but hang during loading windows and just display a black screen until I press the power button again, at which point it loads windows) and the audio port heats up when I put the computer to sleep. I had a great experience with my G751JT. I'm wondering if I should keep this and accept this computer's problems or roll the dice again with another replacement.

Yes, pretty much all have the same issues: black screen on entering graphics mode, busted touchpad that breaks gestures every now and then when using sleep, weird cracking noises from the sound chip entering power saving mode, hot around the audio area without anything playing, micro freeze issues in games.
For a $2500 laptop, I say it's pretty bad.

Fall Creators Update improved stability a little but issues are still present, only they manifest less often.
Asus didn't publish any newer update since 2016, except a BIOS update in August of 2017, but it didn't fix much.

warryabel
01-11-2018, 02:33 PM
What about G 751 not worth an answer?

BogdanCiulei
01-11-2018, 07:29 PM
I can confirm that the patch for G752VSK works for the G752VS as well, and Intel's detection tool reports my system as patched.

Mattersbro
01-12-2018, 01:10 AM
I'm a bit confused, hope someone can clarify. On the motherboard download page for my motherboard and in Windows Device Manager it says IME driver version 11.0.0.1155, but today I used the Intel tool (INTEL-SA-00086) to detect whether my system is vulnerable, and it says IME firmware version is 8.0.2.1410.

Which is it? 11.0 or 8.0.2? Because 11.0 is considered vulnerable. Or is driver version /= firmware version?

warryabel
01-12-2018, 08:32 AM
What about G 751 not worth an answer?
Poor service from the first day of purchase, from a dying battery over the G-Sync thing, to bad cooling assembling and now no word about how to go on with the security hole in Intel ME.
Next laptop not worth to think about Asus consumer****...

BogdanCiulei
01-12-2018, 09:35 AM
I'm a bit confused, hope someone can clarify. On the motherboard download page for my motherboard and in Windows Device Manager it says IME driver version 11.0.0.1155, but today I used the Intel tool (INTEL-SA-00086) to detect whether my system is vulnerable, and it says IME firmware version is 8.0.2.1410.

Which is it? 11.0 or 8.0.2? Because 11.0 is considered vulnerable. Or is driver version /= firmware version?

Ignore Device Manager, that's the driver version. You must patch.

Mattersbro
01-12-2018, 06:30 PM
Ignore Device Manager, that's the driver version. You must patch.
So the Device Manager version is not important? It's weird because the version numbers are so similar to the firmware numbers. How do I find out what version my IME is then, without the Intel tool?
Because according to the Intel tool everything is fine, it says IME version is 8.0 and doesn't require any patch. But as you can see in the picture, on the motherboard driver download site it says IME Version 11.0.

I just want to know if the tool really has detected the correct IME version.
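
Added example (not part of any post in this thread): the driver package version and the ME firmware version are separate numbers, and on Linux the firmware's own version can be read without Intel's tool from the mei driver's `fw_ver` sysfs attribute, on kernels that expose it. The sketch below parses that attribute and checks the major.minor family against the ME families named in INTEL-SA-00086; the family list comes from Intel's advisory rather than this thread, and the sample strings are constructed.

```python
import re
from pathlib import Path

# ME firmware families named as affected in INTEL-SA-00086 (from Intel's
# advisory, not from this thread). SPS 4.0 and TXE 3.0 are not covered here.
AFFECTED_ME_FAMILIES = {(11, 0), (11, 5), (11, 6), (11, 7), (11, 10), (11, 20)}

# Linux mei driver attribute; each line is
# "<platform>:<major>.<minor>.<milestone>.<build_no>", up to three blocks.
FW_VER_PATH = Path("/sys/class/mei/mei0/fw_ver")
FW_LINE = re.compile(r"^(\d+):(\d+)\.(\d+)\.(\d+)\.(\d+)$")

def parse_fw_ver(text):
    """Return one (major, minor, milestone, build) tuple per firmware block."""
    versions = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FW_LINE.match(line)
        if m is None:
            raise ValueError(f"unexpected fw_ver line: {line!r}")
        versions.append(tuple(int(g) for g in m.groups()[1:]))
    return versions

def classify(version):
    """Judge only the major.minor family; build numbers are not evaluated."""
    if (version[0], version[1]) in AFFECTED_ME_FAMILIES:
        return "affected family"
    return "not in an affected family"

def check(text):
    """Return [(dotted_version, verdict), ...] for every block in fw_ver text."""
    return [(".".join(map(str, v)), classify(v)) for v in parse_fw_ver(text)]

# Constructed samples: the first uses the firmware version quoted in the
# thread, the second is a made-up ME 11.0 build for contrast.
SAMPLE_ME8 = "0:8.0.2.1410\n"
SAMPLE_ME11 = "0:11.0.0.1000\n"

if __name__ == "__main__":
    if FW_VER_PATH.exists():
        source = FW_VER_PATH.read_text()
    else:
        source = SAMPLE_ME8 + SAMPLE_ME11
    for version, verdict in check(source):
        print(f"ME firmware {version}: {verdict}")
```

A version shown in Device Manager or on a driver download page should not be fed to this check, since it describes the host driver package and not the firmware running on the ME.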