cancel
Showing results for 
Search instead for 
Did you mean: 

G752VY. Vulnerability Intel(R) Management Engine firmware for INTEL-SA-00086

Gustave
Level 9
Hello All,

Searching for information I stumbled upon this info regarding a vulnerability in the IMEI firmware that could give hackers acces to your (G752VY and probably other types as well) notebook. I thought to let you know. How severe this is, I don't know.

Summary: In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of our Intel® Management Engine (ME), Intel® Server Platform Services (SPS), and Intel® Trusted Execution Engine (TXE) with the objective of enhancing firmware resilience.
As a result, Intel has identified security vulnerabilities that could potentially place impacted platforms at risk.

Description:
In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience.
As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted.

Affected products:




  • 6th, 7th & 8th Generation Intel® Core™ Processor Family
  • Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
  • Intel® Xeon® Processor Scalable Family
  • Intel® Xeon® Processor W Family
  • Intel® Atom® C3000 Processor Family
  • Apollo Lake Intel® Atom Processor E3900 series
  • Apollo Lake Intel® Pentium™
  • Celeron™ N and J series Processors

Based on the items identified through the comprehensive security review, an attacker could gain unauthorized access to platform, Intel® ME feature, and 3rd party secrets protected by the Intel® Management Engine (ME), Intel® Server Platform Service (SPS), or Intel® Trusted Execution Engine (TXE).
This includes scenarios where a successful attacker could:


  • Impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity.
  • Load and execute arbitrary code outside the visibility of the user and operating system.
  • Cause a system crash or system instability.
  • For more information, please see this Intel Support article

If the INTEL-SA-00086 Detection Tool reported your system being vulnerable, please check with your system manufacturer for updated firmware. Links to system manufacturer pages concerning this issue can be found at http://www.intel.com/sa-00086-support.
If you need further assistance, contact Customer Support to submit an online service request.

Intel has released a downloadable detection tool located at http://www.intel.com/sa-00086-support , which will analyze your system for the vulnerabilities identified in this security advisory.

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

Regards.
[SIGPIC][/SIGPIC]
701 Views
8 REPLIES 8

Loaded_Glove
Level 7
I have the Maximus Hero VIII, what is the oldest bios version/mei firmware version that is exempt from this threat? If you can link it from the download page, that would be super helpful and thanks in advance for any guidance anyone can provide. My current bios is old (version 2001) and I used the tool to discover that I am currently vulnerable.

My last thread on General Discussion was closed with no valid reason, so I'll follow this...

JustinThyme
Level 13
This is not just the G752VY. This is across multiple platforms

Proper link for detection tool instead of previous digging through several pages to find a link that takes you to another page to pilfer through to find another link that takes you where you need to be. This link is where you need to be. Download and run the tool and it will tell you if you are vulnerable which pretty much........All intel machines are.

https://downloadcenter.intel.com/download/27150



“Two things are infinite: the universe and human stupidity, I'm not sure about the former” ~ Albert Einstein

Still waiting for ASUS to provide an update.
They didn't provide an update for the issue earlier this year.
And if they provide an update this time either, it may be time to go the legal route of forcing ASUS by EU rules regarding defects that's been there since the start.

Loaded_Glove
Level 7
I said in my post I already used the tool and confirmed I have an older firmare version for the mei that IS vulnerable to exploitation. I will ask again since it was glazed over... for the Maximus Hero VIII, which bios can I use which has an MEI firmware version that is NOT vulnerable? Is 3504 new enough, could I use an earlier version?

You can patch manually, but make sure you read the disclaimers. Most laptops and desktops with current firmwares can be updated to the latest one but don't assume there is no risk. Read the disclaimers and do it at your own risk.

https://www.win-raid.com/t596f39-Intel-Management-Engine-Drivers-Firmware-amp-System-Tools.html

I updated my GT73VR laptop manually with this successfully (H firmware) to go to 11.8.50.3425 (100/200/300 series Kaby Lake) and the flash tool to flash the BIN, and now I am protected and patched, but don't yell at me if it bricks your system.

Loaded_Glove
Level 7
I have almost updated my bios many times this year, but procrastinated because I am of the school of thought where if it ain't broke, don't fix it. Even with drivers like graphics card drivers especially, I won't get the newest if whatever 1 I have installed has no issues with any games I'm playing. Generally I only update things if I have no choice or if I run into an issue that a newer driver or firmware might fix.

About this INTEL-SA-00086 vulnerability: I contacted Asus and they replied that the issue is under investigation and they expect to release an update in Januari 2018.

For the G752VY it can be found on its support website:

https://www.asus.com/ROG-Republic-Of-Gamers/ROG-G752VY/HelpDesk_Download/

There will also be an automatic update through Asus Live Update.

http://dlcdnet.asus.com/pub/ASUS/nb/UX303UB/ASUS_LiveUpdate_343.zip
[SIGPIC][/SIGPIC]