[nSLUG] BIOS updating

Joel Maxuel j.maxuel at gmail.com
Wed Jun 14 18:40:04 ADT 2017

Well then...

INTEL-SA-00075-Discovery-Tool -- Release 0.8
Copyright (C) 2003-2012, 2017 Intel Corporation.  All rights reserved

------------------Firmware Information--------------------

Flash:    8.1.0
Netstack:    8.1.0
AMTApps:    8.1.0
AMT:    8.1.0
Sku:    24584
VendorID:    8086
Build Number:    1265
Recovery Version:    8.1.0
Recovery Build Num:    1265
Legacy Mode:    False

-----------------SKU Information-----------------
         Corporate SKU
         Intel(R) Anti-Theft Technology (Intel(R) AT)
         Intel(R) Active Management Technology


------------------Vulnerability Status--------------------
Based on the version of the Intel(R) MEI, the System is Vulnerable.
If Vulnerable, contact your OEM for support and remediation of this system.
For more information, refer to CVE-2017-5689 at:
https://nvd.nist.gov/vuln/detail/CVE-2017-5689 or the Intel security
Intel-SA-00075 at:

Joel Maxuel

"One should strive to achieve, not sit in bitter regret."
 - Ronan Harris / Mark Jackson

On Wed, Jun 14, 2017 at 4:10 PM, D G Teed <donald.teed at gmail.com> wrote:

> I was puzzled by the whole thing when I read up on it a couple of weeks
> ago. It is enabled on the BIOS of many systems, even if you don't have a
> vPro sticker. However, it won't be listening unless the IP had been
> configured on the system to offer the management services. Once it is
> configured, that IP is alive even when the system is powered off. Some
> newer systems have removed the option from the BIOS to disable IME. It is
> like lights out or baseboard management built-in to the main ethernet
> interface on the mainboard.
> Big risk for anyone who has configured it, but just something
> to be aware of for the rest of us.
> On Wed, Jun 14, 2017 at 11:00 AM, George N. White III <gnwiii at gmail.com>
> wrote:
>> On 14 June 2017 at 08:16, Joel Maxuel <j.maxuel at gmail.com> wrote:
>>> Thanks Dave.  I missed the memo on the active IME exploit.
>>> May not be much help to me anyway, based on the summary of changes for
>>> my latest MoBo update:
>>> http://support.lenovo.com/ca/en/downloads/ds029265
>>> I can check to see how bad it is, and what steps I can take tonight:
>>> https://github.com/intel/INTEL-SA-00075-Linux-Detection-And-Mitigation-Tools
>>> Thank you again.
>> Some US Government employees were told to get rid of their Lenovo laptops
>> last fall. Then in May Lenovo released Intel Management Engine Firmware 9.5
>> for my SSC issued laptop -- makes me wonder if US Gov't knew about IME
>> exploits before they were made public, and if there are active exploits
>> that still aren't public.
>> Some articles suggest IME isn't an issue for linux users unless you use a
>> high-end server farm that uses Intel's management tools, (possibly Google
>> apps). That doesn't mean high-end malware won't leverage IME, but probably
>> only after gaining full control of the system. For home linux systems
>> there may not be much to be gained from IME based exploits, but it sounds
>> like something TLA agencies would use, so will probably escape to malware
>> sooner or later.
>> --
>> George N. White III <aa056 at chebucto.ns.ca>
>> Head of St. Margarets Bay, Nova Scotia
>> _______________________________________________
>> nSLUG mailing list
>> nSLUG at nslug.ns.ca
>> http://nslug.ns.ca/mailman/listinfo/nslug

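Added example (not part of the original message and not Intel's code): a small Python parser for the report format quoted above, for collecting these reports across several machines. The report gives a firmware verdict but not whether AMT has been configured, so the triage step flags that as a follow-up; the function names, action labels and trimmed sample report are assumptions made for this illustration.

```python
import re

# Constructed sample, trimmed from the report format quoted in the message above.
SAMPLE_REPORT = """\
------------------Firmware Information--------------------

AMT:    8.1.0
Build Number:    1265

-----------------SKU Information-----------------
         Corporate SKU
         Intel(R) Active Management Technology

------------------Vulnerability Status--------------------
Based on the version of the Intel(R) MEI, the System is Vulnerable.
"""

SECTION = re.compile(r"^-{5,}\s*(.+?)\s*-{5,}$")
VERDICT = re.compile(r"the System is ([A-Za-z ]+?)\.")

def parse_report(text):
    """Split a report into firmware fields, SKU features and the tool's verdict."""
    report = {"firmware": {}, "sku": [], "verdict": None}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            section = header.group(1)
        elif not line:
            continue
        elif section == "Firmware Information" and ":" in line:
            key, value = line.split(":", 1)
            report["firmware"][key.strip()] = value.strip()
        elif section == "SKU Information":
            report["sku"].append(line)
        elif section == "Vulnerability Status":
            found = VERDICT.search(line)
            if found:
                report["verdict"] = found.group(1).strip()
    return report

def triage(report):
    """Map a parsed report to a follow-up action (labels are hypothetical)."""
    has_amt = any("Active Management Technology" in f for f in report["sku"])
    if report["verdict"] == "Vulnerable":
        return "update-firmware-and-check-amt-provisioning" if has_amt else "update-firmware"
    # Any verdict string this sketch does not recognise goes to a human.
    return "manual-review"
```
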