cancel
Showing results for 
Search instead for 
Did you mean: 

[FIRMWARE] Intel ME (H470/Z490)

MoKiChU
Level 40

Hi everyone,

- Intel ME Consumer Firmware :

Firmware : 14.1.72.2287 [24/06/2023]
PMC Firmware : 140.2.01.1018 [22/02/2021]
PCHC Firmware : 14.0.0.7002 [12/06/2020]
PHY Firmware : 12.14.215.2015 [25/08/2021]
Download : Link

Check/Update Process :

Check current version : Right click on "Check.cmd" > Run as administrator

Install/Update : Right click on "Install.cmd" > Run as administrator > Automatic restart when install is done


OS requirements : Windows 10 64 bit or more recent.
Hardware requirements : Motherboards with Intel H470/Z490 chipset.

905 Views
234 REPLIES 234

Falkentyne wrote:
I've always wondered if there's any real benefit to updating the ME firmware. Are there any specific bugs that are fixed that anyone ever notices? I'm on stock ME firmware (or whatever is embedded in 0607 and 0069 M12E Bios).


very good question, since there are places where it indicates not to install Intel ME

I am running firmware 14.1.51.1528, which is very recent, yet the latest (December) CSME version detection tool says I *may* be vulnerable. I assume this is just the tool not knowing about this update. Will do your latest anyhow in a bit.

Thanks in advance.

ROG Hero XIII | 10900k @5.2 GHz | g.skill 2x32GB 4200 CL18 | ROG Strix 2070S | EK Nucleus 360 Dark | 6TB SSD/nvme, 16TB external HDD | 2x 1440p | Vanatoo speakers with Klipsch sub | Fractal Meshify 2 case

geneo wrote:
I am running firmware 14.1.51.1528, which is very recent, yet the latest (December) CSME version detection tool says I *may* be vulnerable. I assume this is just the tool not knowing about this update. Will do your latest anyhow in a bit.

Thanks in advance.
geneo wrote:
Update went smooth. Will run some tests. Thanks again.

It looks like the CSME version detection tool needs updating!
moe_lvr_666 wrote:
I'm getting the same message Detection Error...
Z490 Maximus XII Hero
I9 10900k
Rog Strix 3090



Hi,

It's just that the version 4.1.0.0 of the CSME Version Detection Tool is older than the firmware 14.1.xx.xxxx branch and it doesn't recognize it, hence this Detection Error message.

As long as you don't see the This system is vulnerable message, you're fine.

MoKiChU wrote:
Hi,

It's just that the version 4.1.0.0 of the CSME Version Detection Tool is older than the firmware 14.1.xx.xxxx branch and it doesn't recognize it, hence this Detection Error message.

As long as you don't see the This system is vulnerable message, you're fine.


The statement "This system may be vulnerable" is of course, always true (especially with the ongoing slew of vulnerabilities being uncovered). 😉

I think that it is unlikely these will be exploited in the consumer space, more likely commercial, but I am not going to bank on it (pun intended).

ROG Hero XIII | 10900k @5.2 GHz | g.skill 2x32GB 4200 CL18 | ROG Strix 2070S | EK Nucleus 360 Dark | 6TB SSD/nvme, 16TB external HDD | 2x 1440p | Vanatoo speakers with Klipsch sub | Fractal Meshify 2 case

geneo wrote:
The statement "This system may be vulnerable" is of course, always true (especially with the ongoing slew of vulnerabilities being uncovered). 😉

I think that it is unlikely these will be exploited in the consumer space, more likely commercial, but I am not going to bank on it (pun intended).

moe_lvr_666 wrote:
MoKiChU, thank you very much sir! I'll email Intel about CSME Detection tool is outdated.
Great Job!


Hi,

The Intel detection tool does only detect according to the vulnerability data with which it was programmed.

If you are in doubt, and don't want to wait for the next Intel detection tool with updated vulnerability data, you can see that the latest vulnerability data (updated 22/01/2021) indicates that the branch Intel ME 14.1.xx.xxxx is not vulnerable at all to the latest vulnerabilities :



INTEL-SA-00391 (Source) : https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391.html

MoKiChU wrote:
Hi,

The Intel detection tool does only detect according to the vulnerability data with which it was programmed.

If you are in doubt, and don't want to wait for the next Intel detection tool with updated vulnerability data, you can see that the latest vulnerability data (updated 22/01/2021) indicates that the branch Intel ME 14.1.xx.xxxx is not vulnerable at all to the latest vulnerabilities :



INTEL-SA-00391 (Source) : https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391.html

I am aware of all of that. It was in jest.

ROG Hero XIII | 10900k @5.2 GHz | g.skill 2x32GB 4200 CL18 | ROG Strix 2070S | EK Nucleus 360 Dark | 6TB SSD/nvme, 16TB external HDD | 2x 1440p | Vanatoo speakers with Klipsch sub | Fractal Meshify 2 case

MoKiChU wrote:
Hi,

The Intel detection tool does only detect according to the vulnerability data with which it was programmed.

If you are in doubt, and don't want to wait for the next Intel detection tool with updated vulnerability data, you can see that the latest vulnerability data (updated 22/01/2021) indicates that the branch Intel ME 14.1.xx.xxxx is not vulnerable at all to the latest vulnerabilities :



INTEL-SA-00391 (Source) : https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391.html


Master!

MoKiChU wrote:
Hi,

It's just that the version 4.1.0.0 of the CSME Version Detection Tool is older than the firmware 14.1.xx.xxxx branch and it doesn't recognize it, hence this Detection Error message.

As long as you don't see the This system is vulnerable message, you're fine.


MoKiChU, thank you very much sir! I'll email Intel about CSME Detection tool is outdated.
Great Job!

MoKiChU
Level 40
Falkentyne wrote:
I've always wondered if there's any real benefit to updating the ME firmware. Are there any specific bugs that are fixed that anyone ever notices? I'm on stock ME firmware (or whatever is embedded in 0607 and 0069 M12E Bios).


Hi,

Like all the other elements of the systems you update (drivers, firmwares, BIOS/UEFI, OS etc.), the changes are bug fixed, security flaw fixed ...

GanjaHouse wrote:
there are places where it indicates not to install Intel ME


Hi,

I do not know where you read this information but it is completely false and inconsistent :

- Intel ME should not be "installed"? But this one is already "installed" ! It is contained in your BIOS/UEFI, and this one can be updated with your usual BIOS/UEFI updates or via an independent Intel updater (what I propose here).
- Intel ME (Management Engine) is an embedded microcontroller (integrated on Intel chipsets) running a lightweight microkernel OS, it is so buried and linked to all the elements of the system, that it is impossible to disable it.


So in the impossibility of not installing/uninstalling/disabling it, you might as well have the latest version with all the known flaws/bugs fixed.

Ataemonus
Level 11
I flashed the OP file, works perfectly.
In the meantime, I learned that my way of building the image file for flashing was wrong, worked on the v12 firmware version, but not on the v14, so I now know the correct way.
Thank you @MoKiChU