Intel-SA-00086 Detection Tool. User Guide Revision 1.01 November 2017 Document: User Guide royalty-free license to any patent claim thereafter drafted which includes subject matter disclosed herein.
> Intel advises Microsoft and Linux users to download and run the Intel-SA-00086 Detection tool to determine whether their systems are vulnerable. If you are at risk, you must obtain firmware updates from your computer's manufacturer.
Dec 26, 2017 What I did: Create a network share (I named mine Intel), give modify to all workstations and users. On the computer running this script, map the share to whatever drive letter you have open.
by Martin Brinkmann on November 22, 2017 in Security - Last Update: November 24, 2017 - 44 comments
Intel published a security advisory yesterday detailing security vulnerabilities in the firmware of the company's Management Engine, Server Platform Services, and Trusted Execution Engine.
A wide range of Intel processor families and products are affected by these issues, including 6th, 7th and 8th generation Intel Core processors, Intel Xeon processors, Intel Atom processors, Apollo Lake processors and Intel Celeron processors.
Basically, systems using Management Engine firmware versions 11.0, 11.5, 11.7, 11.10, and 11.20, Server Platform Engine firmware version 4.0, and Trusted Execution Engine version 3.0 are impacted by the vulnerabilities.
Attackers may exploit security vulnerabilities to gain unauthorized access to affected systems. Potential scenarios include running code outside the visibility of the operating system or user context, causing system instabilities or crashes, or impacting local security feature attestation validity.
Find out if a system is vulnerable
Intel released a detection tool which you may download from this web page. It is available for Windows 7 and newer versions of Windows, and for Linux.
The program runs a quick scan and returns its findings afterwards. It highlights whether the system is vulnerable, and displays the Intel product and its firmware version as well.
What to do if the system is vulnerable
Snip tool for mac os. There is nothing that users can do to the system directly to fix the vulnerability. Intel notes that it is up to OEMs and manufacturers to release updates for their products to fix the security issues.
What that means is the following: If you have bought a PC from a manufacturer like Dell, Lenovo, HP or any other PC manufacturer, you need to wait for them to release updates that address the issue.
Intel lists links to support information on this support article. The company will update links to manufacturers when updates are released by them. Currently, links are available for Dell and Lenovo customers.
Update: Now includes links to Acer, Fujitsu, HPE, and Panasonic as well.
Intel Sa 00086 Patch
Users who built a PC by themselves, changed the motherboard, or bought a pre-assembled PC using custom parts, need to consult the motherboard manufacturer instead.
Closing Words
Judging from past vulnerabilities and patching activity, it seems very likely that manufacturers won't release updates for some systems and motherboards. Since Intel prevents direct access to affected features, these systems will remain vulnerable throughout their lifetime.
This is not the first issue that affected Intel's Management Engine. The EFF published a detailed account on that back in May 2017 for instance, urging Intel to provide the means to give administrators and users options to disable or limit the Management Engine.
Now You: Is your system affected?
Find out if your Intel CPU is vulnerable to Intel Manageability Engine vulnerabilities
Description
Sa 00086 Detection Tool
Intel published a security advisory yesterday detailing security vulnerabilities in the firmware of the company's Management Engine, Server Platform Services, and Trusted Execution Engine.