Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

G752VY. Vulnerability Intel(R) Management Engine firmware for INTEL-SA-00086

Gustave
Level 9

‎11-23-2017 11:36 PM - last edited on ‎03-05-2024 09:42 PM by Community Admin

Hello All,

Searching for information I stumbled upon this info regarding a vulnerability in the IMEI firmware that could give hackers acces to your (G752VY and probably other types as well) notebook. I thought to let you know. How severe this is, I don't know.

Summary: In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of our Intel® Management Engine (ME), Intel® Server Platform Services (SPS), and Intel® Trusted Execution Engine (TXE) with the objective of enhancing firmware resilience.
As a result, Intel has identified security vulnerabilities that could potentially place impacted platforms at risk.

Description: In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience.
As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted.

Affected products:



  • 6th, 7th & 8th Generation Intel® Core™ Processor Family
  • Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
  • Intel® Xeon® Processor Scalable Family
  • Intel® Xeon® Processor W Family
  • Intel® Atom® C3000 Processor Family
  • Apollo Lake Intel® Atom Processor E3900 series
  • Apollo Lake Intel® Pentium™
  • Celeron™ N and J series Processors

Based on the items identified through the comprehensive security review, an attacker could gain unauthorized access to platform, Intel® ME feature, and 3rd party secrets protected by the Intel® Management Engine (ME), Intel® Server Platform Service (SPS), or Intel® Trusted Execution Engine (TXE).
This includes scenarios where a successful attacker could:


  • Impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity.
  • Load and execute arbitrary code outside the visibility of the user and operating system.
  • Cause a system crash or system instability.
  • For more information, please see this Intel Support article

If the INTEL-SA-00086 Detection Tool reported your system being vulnerable, please check with your system manufacturer for updated firmware. Links to system manufacturer pages concerning this issue can be found at http://www.intel.com/sa-00086-support.
If you need further assistance, contact Customer Support to submit an online service request.

Intel has released a downloadable detection tool located at http://www.intel.com/sa-00086-support , which will analyze your system for the vulnerabilities identified in this security advisory.

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

Regards.
[SIGPIC][/SIGPIC]
Labels:
0 Kudos
4,579 Views
8 REPLIES 8

Loaded_Glove
Level 7

‎11-24-2017 12:23 AM

I have the Maximus Hero VIII, what is the oldest bios version/mei firmware version that is exempt from this threat? If you can link it from the download page, that would be super helpful and thanks in advance for any guidance anyone can provide. My current bios is old (version 2001) and I used the tool to discover that I am currently vulnerable.
0 Kudos

Mechmaniac
Level 7
In response to Loaded_Glove

‎11-24-2017 07:10 AM

My last thread on General Discussion was closed with no valid reason, so I'll follow this...
0 Kudos

JustinThyme
Level 13

‎11-24-2017 08:45 AM

This is not just the G752VY. This is across multiple platforms

Proper link for detection tool instead of previous digging through several pages to find a link that takes you to another page to pilfer through to find another link that takes you where you need to be. This link is where you need to be. Download and run the tool and it will tell you if you are vulnerable which pretty much........All intel machines are.

https://downloadcenter.intel.com/download/27150



“Two things are infinite: the universe and human stupidity, I'm not sure about the former” ~ Albert Einstein
0 Kudos

meowmeowmeow
Level 7
In response to JustinThyme

‎11-24-2017 09:12 AM

Still waiting for ASUS to provide an update.
They didn't provide an update for the issue earlier this year.
And if they provide an update this time either, it may be time to go the legal route of forcing ASUS by EU rules regarding defects that's been there since the start.
0 Kudos

Loaded_Glove
Level 7

‎11-24-2017 10:20 AM

I said in my post I already used the tool and confirmed I have an older firmare version for the mei that IS vulnerable to exploitation. I will ask again since it was glazed over... for the Maximus Hero VIII, which bios can I use which has an MEI firmware version that is NOT vulnerable? Is 3504 new enough, could I use an earlier version?
0 Kudos

Falkentyne
Level 12
In response to Loaded_Glove

‎11-24-2017 03:37 PM

You can patch manually, but make sure you read the disclaimers. Most laptops and desktops with current firmwares can be updated to the latest one but don't assume there is no risk. Read the disclaimers and do it at your own risk.

https://www.win-raid.com/t596f39-Intel-Management-Engine-Drivers-Firmware-amp-System-Tools.html

I updated my GT73VR laptop manually with this successfully (H firmware) to go to 11.8.50.3425 (100/200/300 series Kaby Lake) and the flash tool to flash the BIN, and now I am protected and patched, but don't yell at me if it bricks your system.
0 Kudos

Loaded_Glove
Level 7

‎11-24-2017 04:44 PM

I have almost updated my bios many times this year, but procrastinated because I am of the school of thought where if it ain't broke, don't fix it. Even with drivers like graphics card drivers especially, I won't get the newest if whatever 1 I have installed has no issues with any games I'm playing. Generally I only update things if I have no choice or if I run into an issue that a newer driver or firmware might fix.
0 Kudos

Gustave
Level 9
In response to Loaded_Glove

‎11-28-2017 04:01 AM

About this INTEL-SA-00086 vulnerability: I contacted Asus and they replied that the issue is under investigation and they expect to release an update in Januari 2018.

For the G752VY it can be found on its support website:

https://www.asus.com/ROG-Republic-Of-Gamers/ROG-G752VY/HelpDesk_Download/

There will also be an automatic update through Asus Live Update.

http://dlcdnet.asus.com/pub/ASUS/nb/UX303UB/ASUS_LiveUpdate_343.zip
[SIGPIC][/SIGPIC]
0 Kudos