[nSLUG] BIOS updating

Dave Flogeras dflogeras2 at gmail.com
Wed Jun 14 18:42:33 ADT 2017


There is also this project

https://github.com/mjg59/mei-amt-check/

On Wed, Jun 14, 2017 at 6:40 PM, Joel Maxuel <j.maxuel at gmail.com> wrote:

> Well then...
>
> INTEL-SA-00075-Discovery-Tool -- Release 0.8
> Copyright (C) 2003-2012, 2017 Intel Corporation.  All rights reserved
>
>
> ------------------Firmware Information--------------------
>
> Intel(R) AMT: ENABLED
> Flash:    8.1.0
> Netstack:    8.1.0
> AMTApps:    8.1.0
> AMT:    8.1.0
> Sku:    24584
> VendorID:    8086
> Build Number:    1265
> Recovery Version:    8.1.0
> Recovery Build Num:    1265
> Legacy Mode:    False
>
> -----------------SKU Information-----------------
>          Corporate SKU
>          Intel(R) Anti-Theft Technology (Intel(R) AT)
>          Intel(R) Active Management Technology
> -------------------------------------------------
>
> PROVISIONING_STATE = PRE
>
> ------------------Vulnerability Status--------------------
> Based on the version of the Intel(R) MEI, the System is Vulnerable.
> If Vulnerable, contact your OEM for support and remediation of this system.
> For more information, refer to CVE-2017-5689 at:
> https://nvd.nist.gov/vuln/detail/CVE-2017-5689 or the Intel security advisory
> Intel-SA-00075 at:
> https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
> ----------------------------------------------------------
>
>
>
> --
> Cheers,
> Joel Maxuel
>
> "One should strive to achieve, not sit in bitter regret."
>  - Ronan Harris / Mark Jackson
>
> On Wed, Jun 14, 2017 at 4:10 PM, D G Teed <donald.teed at gmail.com> wrote:
>
>>
>> I was puzzled by the whole thing when I read up on it a couple of weeks ago.
>>
>> It is enabled on the BIOS of many systems, even if you don't have a vPro
>> sticker.  However, it won't be listening unless the IP had been configured
>> on the system to offer the management services.  Once it is configured,
>> that IP is alive even when the system is powered off.  Some newer systems
>> have removed the option from the BIOS to disable IME.  It is like lights out
>> or baseboard management built-in to the main ethernet interface on the
>> mainboard.
>>
>> Big risk for anyone who has configured it, but just something
>> to be aware of for the rest of us.
>>
>>
>>
>> On Wed, Jun 14, 2017 at 11:00 AM, George N. White III <gnwiii at gmail.com> wrote:
>>
>>> On 14 June 2017 at 08:16, Joel Maxuel <j.maxuel at gmail.com> wrote:
>>>
>>>> Thanks Dave.  I missed the memo on the active IME exploit.
>>>>
>>>> May not be much help to me anyway, based on the summary of changes for
>>>> my latest MoBo update:
>>>> http://support.lenovo.com/ca/en/downloads/ds029265
>>>>
>>>> I can check to see how bad it is, and what steps I can take tonight:
>>>> https://github.com/intel/INTEL-SA-00075-Linux-Detection-And-Mitigation-Tools
>>>>
>>>> Thank you again.
>>>>
>>>
>>> Some US Government employees were told to get rid of their Lenovo laptops
>>> last fall.  Then in May Lenovo released Intel Management Engine Firmware 9.5
>>> for my SSC issued laptop -- makes me wonder if US Gov't knew about IME
>>> exploits before they were made public, and if there are active exploits
>>> that still aren't public.
>>>
>>> Some articles suggest IME isn't an issue for Linux users unless you use a
>>> high-end server farm that uses Intel's management tools, (possibly Google
>>> apps). That doesn't mean high-end malware won't leverage IME, but probably
>>> only after gaining full control of the system.  For home Linux systems
>>> there may not be much to be gained from IME based exploits, but it sounds
>>> like something TLA agencies would use, so will probably escape to malware
>>> sooner or later.
>>>
>>> --
>>> George N. White III <aa056 at chebucto.ns.ca>
>>> Head of St. Margarets Bay, Nova Scotia
>>>
>>> _______________________________________________
>>> nSLUG mailing list
>>> nSLUG at nslug.ns.ca
>>> http://nslug.ns.ca/mailman/listinfo/nslug
>>>
>
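
Added example (not part of the original thread, and not Intel's code): a Python parser for a saved INTEL-SA-00075-Discovery-Tool text report like the one quoted above, so that reports collected from several machines can be sorted into a firmware-update queue. The verdict is read from the tool's own status line; the status labels, the "Not Vulnerable" wording handled in the else-branch, and the rule that any provisioning state other than PRE is treated as provisioned are assumptions.

```python
import re

# Sample input: abridged from the report quoted in the thread above.
SAMPLE_REPORT = """\
INTEL-SA-00075-Discovery-Tool -- Release 0.8
------------------Firmware Information--------------------
Intel(R) AMT: ENABLED
AMT:    8.1.0
Build Number:    1265
-----------------SKU Information-----------------
         Corporate SKU
-------------------------------------------------
PROVISIONING_STATE = PRE
------------------Vulnerability Status--------------------
Based on the version of the Intel(R) MEI, the System is Vulnerable.
"""

FIELD = re.compile(r"^([^:=]+?)\s*[:=]\s*(\S.*)$")          # "Key: value" or "KEY = value"
VERDICT = re.compile(r"the System is (.+?)\.?$", re.IGNORECASE)

def parse_report(text):
    """Return (fields, verdict); verdict is None if the status line is missing."""
    fields, verdict = {}, None
    for raw in text.splitlines():
        line = raw.lstrip("> \t").rstrip()      # tolerate mail-quoted copies
        if not line or line.startswith("---"):  # blank lines and section rules
            continue
        m = VERDICT.search(line)
        if m:
            verdict = m.group(1).strip().lower()
        elif (m := FIELD.match(line)):
            fields[m.group(1)] = m.group(2)
    return fields, verdict

def triage(text):
    """Summarise one report for a patch queue (status names are hypothetical)."""
    fields, verdict = parse_report(text)
    state = fields.get("PROVISIONING_STATE", "UNKNOWN")
    if verdict is None:
        status = "unknown"                      # truncated report: rerun the tool
    elif verdict != "vulnerable":
        status = "not-flagged"
    else:                                       # assumption: anything but PRE counts as provisioned
        status = "vulnerable-unprovisioned" if state == "PRE" else "vulnerable-provisioned"
    return {
        "amt_enabled": fields.get("Intel(R) AMT", "").upper() == "ENABLED",
        "firmware": f'{fields.get("AMT", "?")}.{fields.get("Build Number", "?")}',
        "provisioning": state,
        "status": status,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

A report that lacks the Vulnerability Status line comes back as "unknown" rather than as not flagged, so a truncated capture is not mistaken for a clean machine.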