
Intel release ME flaw detection tool

NumLock21
Quote

Security researchers have raised the alarm for years about the Intel remote administration feature known as the Management Engine. The platform has a lot of useful features for IT managers, but it requires deep system access that offers a tempting target for attackers; compromising the Management Engine could lead to full control of a given computer. Now, after several research groups have uncovered ME bugs, Intel has confirmed that those worst-case fears may be possible.

They have released a detection tool for both Linux and Windows, so you can scan and check out whether your system has the ME flaw or not.

 

 

Detection Tool

https://downloadcenter.intel.com/download/27150

 

https://www.wired.com/story/intel-management-engine-vulnerabilities-pcs-servers-iot/amp


I urge everyone to go to your motherboard/PC manufacturer sites and install whatever patches exist there to fix this vulnerability issue. For me, it meant installing the patch that ASUS provided for my Z270E STRIX GAMING.


1 minute ago, TheSLSAMG said:

I urge everyone to go to your motherboard/PC manufacturer sites and install whatever patches exist there to fix this vulnerability issue. For me, it meant installing the patch that ASUS provided for my Z270E STRIX GAMING.

You mean bios update?


Just now, NumLock21 said:

You mean bios update?

In my case, no. It was a Windows utility that updated ME on the system. I imagine it wrote something to the BIOS but it wasn't a flat out BIOS update.


https://www.asus.com/Motherboards/ROG-STRIX-Z370-G-GAMING/HelpDesk_Download/

 

I downloaded it from here, and that tool still detects my system as vulnerable.

Guess I have to wait for ASUS to release new drivers for Management Engine Interface?


Just now, CUDA_Cores said:

I don't want to read the article soooo....

 

Does the tool actually SOLVE the problem, or does it just warn the user? Because if it doesn't fix the problem, it's useless. 

 

That's like if I got hit by a truck then a guy ran over to me and said "hey, you just got hit by a truck". Then because he won't solve my problem, he leaves. Wow real helpful dude.

This is an extreme example but it's the same principle.

The tool warns if the system is vulnerable, in which case the recourse would be to install the patches provided by your hardware manufacturer. It's not entirely useless, but it may be more useful in the future than it is now.


Just now, CUDA_Cores said:

I don't want to read the article soooo....

 

Does the tool actually SOLVE the problem, or does it just warn the user? Because if it doesn't fix the problem, it's useless. 

 

That's like if I got hit by a truck then a guy ran over to me and said "hey, you just got hit by a truck". Then because he won't solve my problem, he leaves. Wow real helpful dude.

This is an extreme example but it's the same principle.

Just a tool. No fix from Intel yet. Says to beg your board maker for fix. xD:P

 

 

Just now, TheSLSAMG said:

In my case, no. It was a Windows utility that updated ME on the system. I imagine it wrote something to the BIOS but it wasn't a flat out BIOS update.

I don't think ME update patches it. But I could be wrong.


1 minute ago, NumLock21 said:

Just a tool. No fix from Intel yet. Says to beg your board maker for fix. xD:P

 

 

I don't think ME update patches it. But I could be wrong.

Well I tried the patch tool prior to using the utility and my system was vulnerable. I used the patch tool, my system restarted and the system is no longer vulnerable according to Intel's tool.


12 minutes ago, TheSLSAMG said:

Well I tried the patch tool prior to using the utility and my system was vulnerable. I used the patch tool, my system restarted and the system is no longer vulnerable according to Intel's tool.

What patch tool did you use?


25 minutes ago, NumLock21 said:

You mean bios update?

It might be the IME Hotfix, but it's useless as far as I'm aware. 

 


I hope MSI still supports 100-series boards. Or, at the very least, Intel offers a patching tool of some kind.


Checking my systems...

 

:) Asrock Z370 Pro4 - Current bios not vulnerable, presumably ME update included in bios 1.30 dated 2017/11/2
:) Asus Z170 Maximus VIII Hero - Vulnerable with 3504 bios. ME patch available dated 2017/11/09
:( Asus Z170I Pro Gaming - current bios vulnerable, dated 2017/07/21 ME patch available dated 2017/12/04
:( Asus X299 TUF Mark 2 - current bios vulnerable, dated 2017/09/15
:( MSI Z170A Gaming Pro - current bios vulnerable, dated 2017-04-24
:( MSI GE62 6QF - current bios vulnerable, dated 2016-10-26 (there is newer date bios available which is even older version intended to use as stepping stone update for really old bios)

I wonder how they decide what to update, when, if at all... the Hero is a higher end board so nice to see them support it, but the X299 TUF Mark 2 is current so I'd hope for an update on that soon. The other Z170 boards I'm less sure about...

 


Practically no manufacturer already has UEFIs containing the fix. We'll have to wait.


Found another potentially vulnerable system in my collection. I forgot about it as it is a server, but it is Skylake generation. HP ML10 Gen9. They do have an update for it, but I can't download it. They want an account with valid warranty or support attached to it. This seems to go against their own policy which states: 

Quote

“Critical” related firmware updates (addressing safety and security fixes) will be made available to all ProLiant customers outside of a warranty or support contract and are governed by "customer terms of use"

Source: https://support.hpe.com/hpsc/doc/public/display?docId=c04044353


Hasweasel-E not vulnerable.


I disabled IME in BIOS when I first booted my computer back in 2012, I guess I am not affected lol


On 11/21/2017 at 11:57 PM, NumLock21 said:

They have released a detection tool for both Linux and Windows, so you can scan and check out whether your system has the ME flaw or not.

 

 

Detection Tool

https://downloadcenter.intel.com/download/27150

 

https://www.wired.com/story/intel-management-engine-vulnerabilities-pcs-servers-iot/amp

I use AMD so I cannot test this, but back up your system and then set a system restore point.

Now open Device Manager.

Go to ACPI and expand.

Disable Intel Management Engine (as uninstall will auto reinstall on reboot).

Reboot.

Does system still work?


While I'm not paranoid about it, businesses using Skylake and above processors should be concerned. The vulnerability is so serious that hackers can craft a zero day malware that is invisible to the OS. Despite some enterprise security solutions being good in preventing malware infections, they can only detect malware that the OS can see. With this Intel vulnerability, malware can run outside of the OS so security solutions are also in guess and let the malware like rootkits and others run rampant in computers so yay for more massive data breaches.


Yay, not vulnerable on this old system.


/smug

 

 


Oh well


Had already checked for update when it was mentioned (The Vulnerability, not the tool) on the WAN Show.

 

Already got the update for my Asus Prime Z270-A.

 

Ran the tool anyway though, says not vulnerable so I guess that confirms it did the trick.

 

A lot of people probably will still be vulnerable though like Linus mentioned on the WAN... hopefully it's not so bad. Don't think I would've heard about this if I didn't watch the WAN. I do check for updates (drivers/bios) like once a month though, so I would've eventually updated. Not sure how many others do the same though. Seems like a lot of people don't bother updating drivers and such unless they run into an actual issue from what I've noticed on a different forum. (GameFAQs PC Board)
