
Intel Management Engine (ME) Security Hole - ASUS ROG G752VS-XS74K

The_Guru
Level 7
So I've waited a couple days. Still no update provided by ASUS on the support page for this major hole. Anyone know the status?

Gps3dx wrote:
right Mr. Bahz @Asus?


Bahz no longer works for ASUS so I don't think you'll be getting an answer from him.
A bus station is where a bus stops. A train station is where a train stops. On my desk, I have a work station…

Falcon2_ROG
Customer Service Agent
Please refer to the following message.
https://www.asus.com/News/q5R9EixxfAqo1anZ
Thank you for your patience.

Hello @OnePiece@Asus,

I have a question regarding the Intel Management Engine security vulnerability.

In December 2017 Asus made a statement: https://www.asus.com/us/support/FAQ/1034961/

In this FAQ statement from Asus, I fail to see my motherboard on the list (P8 Z77-V), to receive a security update regarding the Intel Management flaw.
But the P8 Z77-V motherboard uses IME version 11.0, which, according to the Intel and Asus statements, is considered vulnerable. And Intel support says the motherboard manufacturer has to be addressed.

Is the P8Z77-V motherboard not going to receive the security patch for Intel Management Engine?
Regards
Mattersbro


I'm a bit confused, hope someone can clarify. On the motherboard download page for my motherboard and in Windows Device Manager it says IME driver version 11.0.0.1155, but today I used the Intel tool (INTEL-SA-00086) to detect whether my system is vulnerable, and it says IME firmware version is 8.0.2.1410.

Which is it? 11.0 or 8.0.2? Because 11.0 is considered vulnerable. Or is driver version /= firmware version?

Mattersbro wrote:

I'm a bit confused, hope someone can clarify. On the motherboard download page for my motherboard and in Windows Device Manager it says IME driver version 11.0.0.1155, but today I used the Intel tool (INTEL-SA-00086) to detect whether my system is vulnerable, and it says IME firmware version is 8.0.2.1410.

Which is it? 11.0 or 8.0.2? Because 11.0 is considered vulnerable. Or is driver version /= firmware version?


Ignore device manager, that's the driver version. You must patch

BogdanCiulei wrote:
Ignore device manager, that's the driver version. You must patch

So the Device Manager version is not important? It's weird because the version numbers are so similar to the firmware numbers. How do I find out what version my IME is then, without the Intel tool?
Because according to the Intel tool everything is fine, it says IME version is 8.0 and doesn't require any patch. But as you can see in the picture, the motherboard driver download site says IME version 11.0.

I just want to know if the tool really has detected the correct IME version.
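For readers who want to check the firmware version without the Intel tool, here is an added example (not part of the original thread, and not ASUS or Intel code). It assumes a Linux system whose kernel MEI driver exposes the `fw_ver` sysfs attribute; the sample values are constructed from the numbers quoted above, and the function names are hypothetical.

```python
"""Read the Intel ME firmware version from the Linux MEI driver (sysfs)."""
import glob
import re

# ME firmware branches named in Intel's INTEL-SA-00086 advisory.
# A match means "compare the build with the vendor's fixed release",
# not "vulnerable": patched builds exist inside these branches.
SA00086_ME_BRANCHES = {(11, 0), (11, 5), (11, 6), (11, 7), (11, 10), (11, 20)}

# sysfs prints up to three blocks, one per line:
#   <platform>:<major>.<minor>.<milestone>.<build_no>
FW_LINE = re.compile(r"^\s*(\d+):(\d+)\.(\d+)\.(\d+)\.(\d+)\s*$")

# Constructed sample: firmware 8.0.2.1410 next to driver 11.0.0.1155.
SAMPLE_FW_VER = "0:8.0.2.1410\n0:0.0.0.0\n0:0.0.0.0\n"
SAMPLE_DRIVER_VERSION = "11.0.0.1155"


def parse_fw_ver(text):
    """Return the non-empty (major, minor, milestone, build) blocks."""
    blocks = []
    for line in text.splitlines():
        m = FW_LINE.match(line)
        if m:
            ver = tuple(int(x) for x in m.groups()[1:])
            if any(ver):  # unused blocks are all zeros
                blocks.append(ver)
    return blocks


def needs_review(version):
    """True if the firmware branch is one the advisory lists for ME."""
    return version[:2] in SA00086_ME_BRANCHES


def read_fw_versions(pattern="/sys/class/mei/mei*/fw_ver"):
    """Map each MEI device's fw_ver path to its parsed firmware blocks."""
    found = {}
    for path in sorted(glob.glob(pattern)):
        try:
            with open(path) as fh:
                found[path] = parse_fw_ver(fh.read())
        except OSError:
            found[path] = []  # unreadable attribute
    return found


if __name__ == "__main__":
    live = read_fw_versions() or {"(constructed sample)": parse_fw_ver(SAMPLE_FW_VER)}
    for path, blocks in live.items():
        for ver in blocks:
            print(path, ".".join(map(str, ver)), "review" if needs_review(ver) else "not listed")
```

The version shown in Device Manager or on the download page belongs to the host driver package, which is why it can read 11.0 on a board whose firmware reports 8.0.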

The_Guru
Level 7
It's still not listed despite being affected...

From my point of view, it is unacceptable for an expensive high-performance Asus ROG G752VS laptop that:

1)
for such a long time the ELAN touchpad doesn't work OK in Windows, and doesn't work at all in Linux

[3.250831] i2c_hid i2c-ELAN1203:00: i2c-ELAN1203:00 supply vdd not found, using dummy regulator
[3.287631] hid-multitouch 0018:04F3:3043.0007: Ignoring the extra HID_DG_INPUTMODE
[3.287673] input: ELAN1203:00 04F3:3043 Touchpad as /devices/pci0000:00/0000:00:15.1/i2c_designware.1/i2c-2/i2c-ELAN1203:00/0018:04F3:3043.0007/input/input16
[3.287754] hid-multitouch 0018:04F3:3043.0007: input,hidraw6: I2C HID v1.00 Mouse [ELAN1203:00 04F3:3043] on i2c-ELAN1203:00

even if someone made an alternative touchpad firmware that fixes the problem both in Windows and Linux
https://rog.asus.com/forum/showthread.php?93405-G-752-VS-Touchpad-Gesture-Fix

2)
within BIOS settings no option exists to disable "USB charging"

3)
within BIOS settings no option exists to disable Intel Management Engine.

28 August 2017, Mark Ermolov and Maxim Goryachy
Intel Management Engine is a proprietary technology that consists of a microcontroller integrated into the Platform Controller Hub (PCH) chip and a set of built-in peripherals. The PCH carries almost all communication between the processor and external devices; therefore Intel ME has access to almost all data on the computer. The ability to execute third-party code on Intel ME would allow for a complete compromise of the platform.
After unpacking the executable modules, our research team proceeded to examine the software and hardware internals of Intel ME.
A large number of XML files contain a lot of interesting information: the structure of ME firmware and description of the PCH strap, as well as special configuration bits for various subsystems integrated into the PCH chip. One of the fields, called "reserve_hap", drew our attention because there was a comment next to it: "High Assurance Platform (HAP) enable". Googling did not take long. The second search result said that the name belongs to a trusted platform program linked to the U.S. National Security Agency (NSA).

While we are waiting for Asus's announced reaction, here's another type of approach to handling this most probably NSA back door:

- following the recent Intel Management Engine (ME) vulnerabilities combined with some engineering work the past few months on their end, System76 will begin disabling ME on their laptops;

- Purism has announced today (19 October 2017) all laptops to be shipping from their company will now have the Intel Management Engine (ME) disabled;

- Linux world: via an open-source, third-party tool called me_cleaner, it's now possible to disable & strip down Intel's ME blob.

danmaku
Level 7
Has anyone spoken with ASUS directly? The news article still does not mention the G752 model

I wonder if it's been orphaned

EDIT: The G752VS is compatible with the firmware update posted despite not being listed (the G752VSK is listed instead). I ran Intel's tool and it confirmed that the patch did its job.

Rentard
Level 7
Best keep flooding their support about it. That's damn scummy.