Results 1 to 9 of 9
  1. #1
    ROG Guru: White Belt Array Gustave PC Specs
    Gustave PC Specs
    Laptop (Model)Asus ROG G703GI-XS98K - 8950HK - DDR4 65GB - 3x SSD Intel 760P 3TB [RAID0] - 1x SSD Samsung 2TB
    MotherboardAsus Rampage IV Extreme
    ProcessorCore i7 4960X
    Memory (part number)32GB Corsair CMT16GX3M4X2133C9
    Graphics Card #1EVGA GFX Titan
    Graphics Card #2EVGA GFX Titan
    MonitorDell S2340T
    Storage #18x Crucial RealSSD C300 @ 3Ware 9750-8i RAIDCntrlr 1.85 TB
    CPU CoolerCorsair H100i
    Power SupplyCorsair AX1200
    Network RouterDraytek Vigor 2960 / Ruckus Wireless ZD1200
    Gustave's Avatar
    Join Date
    Aug 2012
    Reputation
    13
    Posts
    122

    G752VY. Vulnerability Intel(R) Management Engine firmware for INTEL-SA-00086

    Hello All,

    Searching for information I stumbled upon this info regarding a vulnerability in the IMEI firmware that could give hackers acces to your (G752VY and probably other types as well) notebook. I thought to let you know. How severe this is, I don't know.

    Summary: In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of our Intel® Management Engine (ME), Intel® Server Platform Services (SPS), and Intel® Trusted Execution Engine (TXE) with the objective of enhancing firmware resilience.
    As a result, Intel has identified security vulnerabilities that could potentially place impacted platforms at risk.

    Description:
    In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience.
    As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted.

    Affected products:



    • 6th, 7th & 8th Generation Intel® Core™ Processor Family
    • Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
    • Intel® Xeon® Processor Scalable Family
    • Intel® Xeon® Processor W Family
    • Intel® Atom® C3000 Processor Family
    • Apollo Lake Intel® Atom Processor E3900 series
    • Apollo Lake Intel® Pentium™
    • Celeron™ N and J series Processors

    Based on the items identified through the comprehensive security review, an attacker could gain unauthorized access to platform, Intel® ME feature, and 3rd party secrets protected by the Intel® Management Engine (ME), Intel® Server Platform Service (SPS), or Intel® Trusted Execution Engine (TXE).
    This includes scenarios where a successful attacker could:

    • Impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity.
    • Load and execute arbitrary code outside the visibility of the user and operating system.
    • Cause a system crash or system instability.
    • For more information, please see this Intel Support article

    If the INTEL-SA-00086 Detection Tool reported your system being vulnerable, please check with your system manufacturer for updated firmware. Links to system manufacturer pages concerning this issue can be found at http://www.intel.com/sa-00086-support.
    If you need further assistance, contact Customer Support to submit an online service request.

    Intel has released a downloadable detection tool located at http://www.intel.com/sa-00086-support , which will analyze your system for the vulnerabilities identified in this security advisory.

    https://security-center.intel.com/ad...nguageid=en-fr

    Regards.

  2. #2
    ROG Guru: White Belt Array Loaded Glove PC Specs
    Loaded Glove PC Specs
    Laptop (Model)Acer Aspire E5 575
    MotherboardAsus Maximus VIII Hero
    ProcessorIntel i7 6700k
    Memory (part number)Corsair CMK32GX4M2A2666C16
    Graphics Card #1Msi GTX 1080 Gaming X
    MonitorVizio E43 F1 4K HDR 60hz 444
    Storage #1Samsung 970 Evo M.2 250gb
    Storage #2Hitachi Deskstar 7K3000 2tb
    CPU CoolerBeQuiet! Dark Rock Pro 4
    CasePhanteks Enthoo Pro Tempered
    Power SupplyCooler Master V850 (Seasonic KM3)
    Keyboard iKBC F87 RGB (MX Cherry brown)
    Mouse Steel Series Rival 110
    Headset Steel Series Arctis 7
    Mouse Pad Steel Series QcK Mini
    OS Windows 10 Pro 64
    Accessory #1 Logitech F710 Gamepad
    Loaded Glove's Avatar
    Join Date
    Sep 2016
    Reputation
    10
    Posts
    91

    I have the Maximus Hero VIII, what is the oldest bios version/mei firmware version that is exempt from this threat? If you can link it from the download page, that would be super helpful and thanks in advance for any guidance anyone can provide. My current bios is old (version 2001) and I used the tool to discover that I am currently vulnerable.

  3. #3
    New ROGer Array
    Join Date
    Sep 2017
    Reputation
    10
    Posts
    5

    My last thread on General Discussion was closed with no valid reason, so I'll follow this...

  4. #4
    Banned Array JustinThyme PC Specs
    JustinThyme PC Specs
    Laptop (Model)G752VY-DH72
    MotherboardRampage VI Extreme
    ProcessorI9 9940X
    Memory (part number)64GB DDR4 8x8 Corsair Dominator Platinum 3800 MHz @ C17
    Graphics Card #1ASUS Strix 2080Ti O11G @ 2.1GHz
    Graphics Card #2ASUS Strix 2080Ti O11G @ 2.1Ghz
    Graphics Card #3ROG Nvlink
    Graphics Card #4Have to feed animals
    Sound CardExternal Audioengine D1 24 bit 192kbps DAC
    MonitorASUS PG348Q @ 100Hz
    Storage #1Intel 905P 480GB U2 flavor
    Storage #2Samsung 850 EVO 1TB X2 in RAID 0, 960 PRO 1TB DIMM.2_1
    CPU CoolerHeatKiller IV PRO and VRM blocks ,Dual D5 PWM serial, 2X 480, 1X 360 RADS
    CasePhanteks Enthoo Elite 8X LL120 PWM, 3X LL140 PWM, 12 SP120 PWM 1x AF140 PWM
    Power SupplyCorsair AX 1500i
    Keyboard ASUS Claymore
    Mouse ASUS Spatha, Logitech MX Master
    Headset Sennheiser HD 700
    Mouse Pad ASUS ROG Sheath
    Headset/Speakers Audioengine A5+ with SVS SB-1000 Sub
    OS Win10 Pro 1809
    Network RouterNetGear NightHawk X10
    Accessory #1 NetGear Prosafe 10GBe Switch
    Accessory #2 Qnap TVS-682 NAS modded with I7 CPU

    Join Date
    Nov 2013
    Reputation
    144
    Posts
    3,858

    This is not just the G752VY. This is across multiple platforms

    Proper link for detection tool instead of previous digging through several pages to find a link that takes you to another page to pilfer through to find another link that takes you where you need to be. This link is where you need to be. Download and run the tool and it will tell you if you are vulnerable which pretty much........All intel machines are.

    https://downloadcenter.intel.com/download/27150

  5. #5
    New ROGer Array
    Join Date
    Nov 2017
    Reputation
    10
    Posts
    7

    Still waiting for ASUS to provide an update.
    They didn't provide an update for the issue earlier this year.
    And if they provide an update this time either, it may be time to go the legal route of forcing ASUS by EU rules regarding defects that's been there since the start.

  6. #6
    ROG Guru: White Belt Array Loaded Glove PC Specs
    Loaded Glove PC Specs
    Laptop (Model)Acer Aspire E5 575
    MotherboardAsus Maximus VIII Hero
    ProcessorIntel i7 6700k
    Memory (part number)Corsair CMK32GX4M2A2666C16
    Graphics Card #1Msi GTX 1080 Gaming X
    MonitorVizio E43 F1 4K HDR 60hz 444
    Storage #1Samsung 970 Evo M.2 250gb
    Storage #2Hitachi Deskstar 7K3000 2tb
    CPU CoolerBeQuiet! Dark Rock Pro 4
    CasePhanteks Enthoo Pro Tempered
    Power SupplyCooler Master V850 (Seasonic KM3)
    Keyboard iKBC F87 RGB (MX Cherry brown)
    Mouse Steel Series Rival 110
    Headset Steel Series Arctis 7
    Mouse Pad Steel Series QcK Mini
    OS Windows 10 Pro 64
    Accessory #1 Logitech F710 Gamepad
    Loaded Glove's Avatar
    Join Date
    Sep 2016
    Reputation
    10
    Posts
    91

    I said in my post I already used the tool and confirmed I have an older firmare version for the mei that IS vulnerable to exploitation. I will ask again since it was glazed over... for the Maximus Hero VIII, which bios can I use which has an MEI firmware version that is NOT vulnerable? Is 3504 new enough, could I use an earlier version?

  7. #7
    ROG Enthusiast Array
    Join Date
    Aug 2014
    Reputation
    46
    Posts
    64

    You can patch manually, but make sure you read the disclaimers. Most laptops and desktops with current firmwares can be updated to the latest one but don't assume there is no risk. Read the disclaimers and do it at your own risk.

    https://www.win-raid.com/t596f39-Int...tem-Tools.html

    I updated my GT73VR laptop manually with this successfully (H firmware) to go to 11.8.50.3425 (100/200/300 series Kaby Lake) and the flash tool to flash the BIN, and now I am protected and patched, but don't yell at me if it bricks your system.

  8. #8
    ROG Guru: White Belt Array Loaded Glove PC Specs
    Loaded Glove PC Specs
    Laptop (Model)Acer Aspire E5 575
    MotherboardAsus Maximus VIII Hero
    ProcessorIntel i7 6700k
    Memory (part number)Corsair CMK32GX4M2A2666C16
    Graphics Card #1Msi GTX 1080 Gaming X
    MonitorVizio E43 F1 4K HDR 60hz 444
    Storage #1Samsung 970 Evo M.2 250gb
    Storage #2Hitachi Deskstar 7K3000 2tb
    CPU CoolerBeQuiet! Dark Rock Pro 4
    CasePhanteks Enthoo Pro Tempered
    Power SupplyCooler Master V850 (Seasonic KM3)
    Keyboard iKBC F87 RGB (MX Cherry brown)
    Mouse Steel Series Rival 110
    Headset Steel Series Arctis 7
    Mouse Pad Steel Series QcK Mini
    OS Windows 10 Pro 64
    Accessory #1 Logitech F710 Gamepad
    Loaded Glove's Avatar
    Join Date
    Sep 2016
    Reputation
    10
    Posts
    91

    I have almost updated my bios many times this year, but procrastinated because I am of the school of thought where if it ain't broke, don't fix it. Even with drivers like graphics card drivers especially, I won't get the newest if whatever 1 I have installed has no issues with any games I'm playing. Generally I only update things if I have no choice or if I run into an issue that a newer driver or firmware might fix.

  9. #9
    ROG Guru: White Belt Array Gustave PC Specs
    Gustave PC Specs
    Laptop (Model)Asus ROG G703GI-XS98K - 8950HK - DDR4 65GB - 3x SSD Intel 760P 3TB [RAID0] - 1x SSD Samsung 2TB
    MotherboardAsus Rampage IV Extreme
    ProcessorCore i7 4960X
    Memory (part number)32GB Corsair CMT16GX3M4X2133C9
    Graphics Card #1EVGA GFX Titan
    Graphics Card #2EVGA GFX Titan
    MonitorDell S2340T
    Storage #18x Crucial RealSSD C300 @ 3Ware 9750-8i RAIDCntrlr 1.85 TB
    CPU CoolerCorsair H100i
    Power SupplyCorsair AX1200
    Network RouterDraytek Vigor 2960 / Ruckus Wireless ZD1200
    Gustave's Avatar
    Join Date
    Aug 2012
    Reputation
    13
    Posts
    122

    About this INTEL-SA-00086 vulnerability: I contacted Asus and they replied that the issue is under investigation and they expect to release an update in Januari 2018.

    For the G752VY it can be found on its support website:

    https://www.asus.com/ROG-Republic-Of...Desk_Download/

    There will also be an automatic update through Asus Live Update.

    http://dlcdnet.asus.com/pub/ASUS/nb/...Update_343.zip

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •