Release Note
ZenTalk

[Tips] [ZenFans Review] ASUS Update of Intel management engine firmware

9614 4
Jump to specific floor
Latest Post
RAJU2529 IND Level 5 | All posts
Intel has identified security vulnerabilities that could potentially place impacted platforms at risk. ASUS is now closely working with Intel to provide solutions to affected models.
2017/11/30Attachment


Symptom Description
According to Intel, an attacker could gain unauthorized access to platform, Intel® ME feature, and 3rd party secrets protected by the Intel® Management Engine (ME), Intel® Server Platform Service (SPS), or Intel® Trusted Execution Engine (TXE).This includes scenarios where a successful attacker could:

         
  • Impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity.
         
  • Load and execute arbitrary code outside the visibility of the user and operating system.
         
  • Cause a system crash or system instability.
Summary:

In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of our Intel® Management Engine (ME), Intel® Server Platform Services (SPS), and Intel® Trusted Execution Engine (TXE) with the objective of enhancing firmware resilience.

As a result, Intel has identified security vulnerabilities that could potentially place impacted platforms at risk.

Description:

In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience.

As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 6.x/7.x/8.x/9.x/10.x//11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted.



Affected products:



  • 1st, 2nd, 3rd, 4th, 5th, 6th, 7th & 8th Generation Intel® Core™ Processor Family
  • Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
  • Intel® Xeon® Processor Scalable Family
  • Intel® Xeon® Processor W Family
  • Intel® Pentium® Processor G Series
  • Intel® Atom® C3000 Processor Family
  • Apollo Lake Intel® Atom Processor E3900 series
  • Apollo Lake Intel® Pentium™
  • Celeron™ G, N and J series Processors

Based on the items identified through the comprehensive security review, an attacker could gain unauthorized access to platform, Intel® ME feature, and 3rd party secrets protected by the Intel® Management Engine (ME), Intel® Server Platform Service (SPS), or Intel® Trusted Execution Engine (TXE).
This includes scenarios where a successful attacker could:
  • Impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity.
  • Load and execute arbitrary code outside the visibility of the user and operating system.
  • Cause a system crash or system instability.
  • For more information, please see this Intel Support article
so asus released intel management engine firmware update tool for  all laptops , notebooks , desktops , all in one

visit firmware update website
https://www.asus.com/News/q5R9EixxfAqo1anZ

and the choose the correct model number or system model or bios model ,
and then download the firmware tool , close all the applications , close antivirus , connectt AC power adapter , connect internet
then run the tool as administrator wait for atleast 15 minutes , let the completes its work
then restart .


This post contains more resources..

You need to login to download attachments. No account?Register Now

x
ASUS R542UQ-DM153 I5 7200U RAM 16GB DDR4 2400MHz GEFORCE 940MX 2GB GDDR5 VRAM.
WIN 10 64BIT ENT 18362.116
01.Bios X542UQ.307
02.Samsung SSD 860 EVO 250GB M.2 2280
03.Seagate ST2000LM015 2TB HDD 2.5
04.Toshiba MQ01ABD100 1TB HDD 2.5
05.SecurEye SK-100 USB Finger Print Reader
Props
ROM Level 1 | All posts
Last edited by mvlaurentiu on 2019/4/4 15:00

i dont recommend using the update tool i did it on my asus x541uvk and now i have sata control issus
Reset to device, \Device\RaidPort0, was issued.
[edit]
windows 10 just reflash my bios on its own and removed the ASUS ME firmware / Driver update tool how ever the image had artefacts and i reinstalled the update and now its all ok

Props
RAJU2529 IND Level 5 | All posts
I am using the latest advanced intel management engine firmware 11.8.60.3561  to my laptop.
The above version is not available on Asus official website.
If your laptop using 7th core processor means, then you must and should install at least 11.5 or greater version.

You can check your processor  has a vulnerability or not by using sa tool on intel website

https://downloadcenter.intel.com/download/27150?v=t

Note i am first person installed the v 11.8.60.3561 on asus  laptop
Props
ROM Level 1 | All posts
I downloaded all the detection tools this is the result i have a fully updated windows 10


This post contains more resources..

You need to login to download attachments. No account?Register Now

x
Props
RAJU2529 IND Level 5 | All posts
Last edited by RAJU2529 on 2019/4/11 12:45
mvlaurentiu posted on 2019/4/9 06:27
I downloaded all the detection tools this is the result i have a fully updated windows 10

according  screenshot by Intel SA-00125  , your laptop is  vulnerable  ,and the recommended  firmware  is 11.8.55.3510.

But you have old  version 11.8.50.3399.  Instruct to the Asus  to release the firmware.

for more information about correct firmware , visit the following  site
https://www.intel.com/content/www/us/en/support/articles/000030079/software/chipset-software.html

Props
Advanced mode
You need to login first Login | Register Now

Points policy of this forum

wishes

Archiver|Mobile ver.|

Fast reply Top Return to list
Share by pm