Page 1 of 2 1 2 LastLast
Results 1 to 10 of 11
  1. #1
    ROG Member Array
    Join Date
    Apr 2017
    Reputation
    10
    Posts
    7

    Exclamation Intel® Management Engine Critical Firmware Update (Intel-SA-00086)

    Are we going to be able to get a BIOS/firmware update for this vulnerability? I realize our boards are ~2 years old at this point, but it's a pain point to continue to deal with Intel's Management Engine on essentially every product on the market.

    Click image for larger version. 

Name:	Capture.PNG 
Views:	0 
Size:	44.4 KB 
ID:	82356

    I don't expect a fix to be released already, as this was last released/updated just over a week ago, but it'd be nice to know we can expect to see something in the future. Thanks for your time.

    EDIT: Intel left this link, but i'm not able to make much sense of it (not to mention it's also, nearly two years old): https://www.asus.com/News/q5R9EixxfAqo1anZ
    Last edited by peatrick; 10-07-2019 at 04:22 AM. Reason: corrected typo(s).

  2. #2
    ROG Enthusiast Array Elkmar PC Specs
    Elkmar PC Specs
    MotherboardAsus Maximus Hero IX
    ProcessorIntel Core i7-7700K
    Memory (part number)CMK16GX4M2B3000C15
    Graphics Card #1ROG Strix GeForce RTX™ 2080 OC edition
    Sound CardCreative Sound Blaster ZxR
    MonitorEizo FORIS FS2333
    Storage #1Samsung SSD 960 PRO 512GB+970 PRO 1TB
    Storage #2WDC WD1000DHTZ
    CPU CoolerAlphacool Eisbaer 240
    CaseAsus ROG Strix Helios
    Power SupplyCooler Master V750
    Keyboard Razer Blackwidow Chroma v2
    Mouse Razer Naga Trinity
    Headset Sennheiser PC323D GAME
    Mouse Pad Razer Firefly Cloth Edition
    Headset/Speakers Creative Sound BlasterX Katana
    OS Windows 10 Pro 64-bit
    Accessory #1 ROG Aura Terminal
    Accessory #2 ROG Aura Terminal
    Elkmar's Avatar
    Join Date
    May 2018
    Reputation
    11
    Posts
    26

    peatrick, what mb do you use?

    Also, for this vulnerability asus upload firmware to their servers (and also bios updates with this fix are presented), just go to download page of your mb.
    English is not my native language, so I'm sorry if I make some mistakes.

  3. #3
    ROG Member Array
    Join Date
    Apr 2017
    Reputation
    10
    Posts
    7

    Thank you very very much for the prompt response, @Elkmar -- apparently I haven't done enough homework, or reading. I have the ROG MAXIMUS IX HERO and am running BIOS version 1301, from way back on 2018/04/20: https://www.asus.com/us/Motherboards...HelpDesk_BIOS/

    I'm missing what update I should be applying. Will continue poking around, but don't think we have anything to fix this. At least not according to Intel's tool, my system is still vulnerable (as you can see from the above image). Maybe i missed something, will go back and look through more downloads.

    EDIT: I just noticed your pull-down system specs! We have nearly the same PC. Same CPU & mobo. You have impeccable taste!

    EDIT2: I checked through all the motherboard drivers, tools, BIOS & firmware releases and there's nothing more recent than what I already have. This is really unfortunate, I don't get how to resolve this. Happen to have any links? If you run the test through on your machine, does it also say "vulnerable" or have you successfully patched your system?

    My IMEI says version 1910.13.0.1060 from March 4, 2019 -- but the tool still suggests i'm vulnerable. >.<
    Last edited by peatrick; 10-07-2019 at 12:03 PM.

  4. #4
    ROG Enthusiast Array Elkmar PC Specs
    Elkmar PC Specs
    MotherboardAsus Maximus Hero IX
    ProcessorIntel Core i7-7700K
    Memory (part number)CMK16GX4M2B3000C15
    Graphics Card #1ROG Strix GeForce RTX™ 2080 OC edition
    Sound CardCreative Sound Blaster ZxR
    MonitorEizo FORIS FS2333
    Storage #1Samsung SSD 960 PRO 512GB+970 PRO 1TB
    Storage #2WDC WD1000DHTZ
    CPU CoolerAlphacool Eisbaer 240
    CaseAsus ROG Strix Helios
    Power SupplyCooler Master V750
    Keyboard Razer Blackwidow Chroma v2
    Mouse Razer Naga Trinity
    Headset Sennheiser PC323D GAME
    Mouse Pad Razer Firefly Cloth Edition
    Headset/Speakers Creative Sound BlasterX Katana
    OS Windows 10 Pro 64-bit
    Accessory #1 ROG Aura Terminal
    Accessory #2 ROG Aura Terminal
    Elkmar's Avatar
    Join Date
    May 2018
    Reputation
    11
    Posts
    26

    I think that problem is not SA-00086

    I have seen you screencap again and have noticed that this tool detects SA-00213. We have not "official" asus download for fix of this vulnerability but we can use firmware from this thread (I have done this and have zero problems, but do it at your own risk!): https://rog.asus.com/forum/showthrea...amp-B365-Z370)
    English is not my native language, so I'm sorry if I make some mistakes.

  5. #5
    ROG Member Array
    Join Date
    Apr 2017
    Reputation
    10
    Posts
    7

    Wink

    Quote Originally Posted by Elkmar View Post
    I think that problem is not SA-00086
    Thank you, thank you, @Elkmar sir! I'll look into this later this evening, first chance I get. I fired up my laptop (HP Spectre x360, from 2017) to verify and that said "This system has been patched"

    • HP Spectre x360 - 15-bl112dx
    • Intel Core i7-8550U (1.8 GHz base frequency, up to 4 GHz with Intel Turbo Boost Technology, 8 MB cache, 4 cores)
    • 16 GB DDR4-2133 SDRAM (2 x 8 GB)
    • NVIDIA GeForce MX150 (2 GB GDDR5 dedicated)
    • 512 GB PCIe NVMe M.2 SSD


    Not sure exactly what motherboard it has, but i've gotten a recent BIOS / firmware patch directly from HP, which seems to have resolved the issue, however I'm struggling to patch this on my desktop.

    EDIT: Currently running IMEI firmware version: 1910.13.0.1060 from March 4, 2019. -- so this is something we can directly download from Intel's website? I was skeptical of using the mega download link location, prefer to use official sources when possible. This tool, suggests we can only get these from our motherboard manufacturers?

    >> https://www.intel.com/content/www/us.../software.html

    Frequently asked questions:​

    Q: The Intel CSME Version Detection Tool reports that my system is vulnerable. What do I do?
    A: Intel has provided system and motherboard manufacturers with the necessary firmware and software updates to resolve the vulnerabilities identified in Security Advisory Intel-SA-00086.

    Contact your system or motherboard manufacturer regarding their plans for making the updates available to end users.

    Some manufacturers have provided Intel with a direct link for their customers to obtain additional information and available software updates (Refer to the list below).

    Q: Why do I need to contact my system or motherboard manufacturer? Why can’t Intel provide the necessary update for my system?
    A: Intel is unable to provide a generic update due to management engine firmware customizations performed by system and motherboard manufacturers.
    Last edited by peatrick; 10-10-2019 at 09:40 PM.

  6. #6
    ROG Enthusiast Array Elkmar PC Specs
    Elkmar PC Specs
    MotherboardAsus Maximus Hero IX
    ProcessorIntel Core i7-7700K
    Memory (part number)CMK16GX4M2B3000C15
    Graphics Card #1ROG Strix GeForce RTX™ 2080 OC edition
    Sound CardCreative Sound Blaster ZxR
    MonitorEizo FORIS FS2333
    Storage #1Samsung SSD 960 PRO 512GB+970 PRO 1TB
    Storage #2WDC WD1000DHTZ
    CPU CoolerAlphacool Eisbaer 240
    CaseAsus ROG Strix Helios
    Power SupplyCooler Master V750
    Keyboard Razer Blackwidow Chroma v2
    Mouse Razer Naga Trinity
    Headset Sennheiser PC323D GAME
    Mouse Pad Razer Firefly Cloth Edition
    Headset/Speakers Creative Sound BlasterX Katana
    OS Windows 10 Pro 64-bit
    Accessory #1 ROG Aura Terminal
    Accessory #2 ROG Aura Terminal
    Elkmar's Avatar
    Join Date
    May 2018
    Reputation
    11
    Posts
    26

    peatrick, 1910.13.0.1060 is not FW, it's windows driver!

    IME consists of two parts: driver for OS (which we can use from intel site) and firmware which is the part of bios. IME firmware also consists of some parts. Firmware update often changes only intel's part.
    If you want to know more about intel management engine - read this topic: https://www.win-raid.com/t596f39-Int...tem-Tools.html

    Also on your screen from your first message I see in the explanation that tool find SA-00213, not SA-00086 (and the link in that explanation completely different from https://www.intel.com/content/www/us.../software.html! Be more careful!). And if we want to fix this vulnerability than we must use new firmware that we can get from win-raid forum (see link in this message) or from MoKiChU's topic, asus does not provide this file (and if asus get us this file - it's be the same as file from sources that I pointed out). I used MoKiChU's file for update and all works fine.
    English is not my native language, so I'm sorry if I make some mistakes.

  7. #7
    ROG Member Array
    Join Date
    Apr 2017
    Reputation
    10
    Posts
    7

    What happens when you run this tool through, @Elkmar, sir? Thank you for continuing to assist me with this.

    > https://downloadcenter.intel.com/download/28632

    Or if you prefer, a direct download link (for Windows tool).

    My results:
    ----------
    Tool Started 10/10/2019 5:37:18 PM
    Name: i7
    Manufacturer: System manufacturer
    Model: System Product Name
    Processor Name: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz
    OS Version: Microsoft Windows 10 Pro
    Status: This system is vulnerable.
    Tool Stopped
    Last edited by peatrick; 10-10-2019 at 09:41 PM.

  8. #8
    ROG Enthusiast Array Elkmar PC Specs
    Elkmar PC Specs
    MotherboardAsus Maximus Hero IX
    ProcessorIntel Core i7-7700K
    Memory (part number)CMK16GX4M2B3000C15
    Graphics Card #1ROG Strix GeForce RTX™ 2080 OC edition
    Sound CardCreative Sound Blaster ZxR
    MonitorEizo FORIS FS2333
    Storage #1Samsung SSD 960 PRO 512GB+970 PRO 1TB
    Storage #2WDC WD1000DHTZ
    CPU CoolerAlphacool Eisbaer 240
    CaseAsus ROG Strix Helios
    Power SupplyCooler Master V750
    Keyboard Razer Blackwidow Chroma v2
    Mouse Razer Naga Trinity
    Headset Sennheiser PC323D GAME
    Mouse Pad Razer Firefly Cloth Edition
    Headset/Speakers Creative Sound BlasterX Katana
    OS Windows 10 Pro 64-bit
    Accessory #1 ROG Aura Terminal
    Accessory #2 ROG Aura Terminal
    Elkmar's Avatar
    Join Date
    May 2018
    Reputation
    11
    Posts
    26

    See attachment. I emphasized IME firmware version (firmware is from MoKiChU's topic as I said earlier). IME driver is the last from intel site (https://downloadcenter.intel.com/dow...?product=98089).
    Miniatura de Adjuntos Miniatura de Adjuntos 2019-10-11 190008.png  

    English is not my native language, so I'm sorry if I make some mistakes.

  9. #9
    ROG Member Array
    Join Date
    Apr 2017
    Reputation
    10
    Posts
    7

    Quote Originally Posted by Elkmar View Post
    See attachment. I emphasized IME firmware version (firmware is from MoKiChU's topic as I said earlier). IME driver is the last from intel site (https://downloadcenter.intel.com/dow...?product=98089).
    Click image for larger version. 

Name:	Capture.PNG 
Views:	0 
Size:	28.1 KB 
ID:	82572

    I'm definitely a version (or three) behind. Thank you again for your patience and expertise while I attempt to lock down this vulnerability.

  10. #10
    New ROGer Array
    Join Date
    Sep 2019
    Reputation
    13
    Posts
    1

    Exclamation

    Hi.

    How is it possible that ASUS does not provide a file to solve the vulnerability SA-00213 as it did with SA-00086?

    Now we have two vulnerabilities that are present and that ASUS does not resolve by providing a file for SA-00213 and SA-00241.

    https://www.intel.com/content/www/us...hnologies.html

Page 1 of 2 1 2 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •