Intel ME vulnerability patch for old motherboards

[Benb96]

I have a Fujitsu Primergy TX100 S3P server, with an Intel Xeon E3-1220 V2 (soon to be upgraded to Xeon E3-1280 V2). It's running Microsoft Windows Server 2012 R2 and when I run the Intel-SA-00086 Detection Tool (found here), it says Detection Error: system may be vulnerable, please install the Intel MEI/TXEI driver (available from your system manufacturer).

 

With Fujitsu being the great server manufacturer that they are (sarcasm), they haven't pushed any updates since 2012 for the bios. My question being (not limited just to this latest vulnerability but in general) for driver updates, are you solely reliant on your manufacturer to release the updates?

 

The latest ME vulnerability may not apply to me as I'm not sure if this cpu is in the "list"

[Tabs]

The latest ME vulnerability is only for skylake and higher processors, so as long as you don't upgrade to a v5+ xeon, you're not affected by this.

 

As long as you don't install the intel bundled management software onto the machine, and so long as you try to disable the management engine in the bios, you will be safe from remote exploits of this vulnerability. Local exploits could still happen if you can't disable the ME in the bios, but if you limit what you run on the machine (as a server I assume this is already the case), it should also be of limited concern.

 

Edit: The above advice is mainly general, since your machine isn't directly affected by the most recent ME vulnerability. However, there are others and I have no idea how many your machine might be impacted by.