|
Intel Management Engine vulnerability SA-00086 |
Post Reply 
|
Page <12345 8> |
| Author | |||
J Z 
Groupie 
Joined: 09 Sep 2016 Location: Germany Status: Offline Points: 976 |
 Post Options
 Thanks(0)
 Quote Reply
 Posted: 23 Nov 2017 at 7:32pm |
||
|
Yesterday -> MEUpdateTool -> ASRock -> Download -> http://asrock.pc.cdn.bitgravity.com/TSD/ME-consumer_11.8.50.3425.zip
|
|||
|
Kind Regards,
JZ https://shop.JZelectronic.de - Der Shop mit ausgesuchter ASRock Profi Hardware https://www.facebook.com/asrock.de |
|||
 |
|||
|
Arukado_
Newbie 
Joined: 22 Nov 2017 Status: Offline Points: 12 |
Post Options
Thanks(0)
Quote Reply
Posted: 23 Nov 2017 at 7:39pm |
||
JZ once again are you seeing the difference between these two: Asus patch - > https://www.asus.com/en/Motherboards/Z170M-PLUS/HelpDesk_BIOS/ Your Asrock wannabe patch -> http://asrock.pc.cdn.bitgravity.com/TSD/ME-consumer_11.8.50.3425.zip Till Asrock place it on their official website it's not official. |
|||
|
|||
|
J Z
Groupie
Joined: 09 Sep 2016 Location: Germany Status: Offline Points: 976 |
Post Options
Thanks(1)
Quote Reply
Posted: 23 Nov 2017 at 7:49pm |
||
|
Coming soon
|
|||
|
Kind Regards,
JZ https://shop.JZelectronic.de - Der Shop mit ausgesuchter ASRock Profi Hardware https://www.facebook.com/asrock.de |
|||
|
|||
|
soulstealer
Newbie
Joined: 30 Sep 2016 Location: Hon Status: Offline Points: 76 |
Post Options
Thanks(0)
Quote Reply
Posted: 23 Nov 2017 at 9:36pm |
||
|
i must correct this, jz is actually right, the link provided is really from asrock, because i have received a email from asrock support with the same adress.
Edited by soulstealer - 23 Nov 2017 at 9:59pm |
|||
|
|||
|
soulstealer
Newbie
Joined: 30 Sep 2016 Location: Hon Status: Offline Points: 76 |
Post Options
Thanks(0)
Quote Reply
Posted: 23 Nov 2017 at 9:38pm |
||
i have a h170 fatality performance (not d3, not hyper), do i install the corporate or consumer firmware? i suppose they each require different drivers, too?
|
|||
|
|||
|
EdTittel
Newbie
Joined: 23 Nov 2017 Location: Texas, USA Status: Offline Points: 1 |
Post Options
Thanks(0)
Quote Reply
Posted: 23 Nov 2017 at 10:54pm |
||
|
According to the TenForums discussion on this topic, Gigabyte has already posted a patch for its affected motherboards. See https://www.tenforums.com/windows-10-news/98600-flaws-found-intel-management-engine-me-txe-sps-2.html, thread #13 for a claim to this effect. I've been checking App Shop periodically since this came up and have seen nothing yet. Just checked the BIOS info for my affected motherboards, too, and haven't seen anything there yet, either.
HTH, --Ed--
|
|||
|
Ed Tittel 2443 Arbor Drive Round Rock, TX 78681
phn: 512-252-7497 mbl: 512-422-7943 www.edtittel.com |
|||
|
|||
|
soulstealer
Newbie
Joined: 30 Sep 2016 Location: Hon Status: Offline Points: 76 |
Post Options
Thanks(0)
Quote Reply
Posted: 23 Nov 2017 at 11:16pm |
||
im not sure but it could be that drivers and firmware upgrades from different brands and products are even compatible / changeable with each other, for example Intel Z370, x299, Z87, Z97, Z170, Z270, Z270, H170, B250, B150 ... (Serie 8/9/100/200/300 Series). i know that at least for the drivers this is the case. then there are two different versions of firmware for each chipset series, corporate (MEI / AMT) (5mb) and consumer (MEI) (1.5mb). then for example for the 100-series consumer there is Firmware 1.5Mo (LP) (Intel 100-series Consumer LP Skylake-Y-U and Skylake (Mobile)) and Firmware 1.5Mo (SH) (Intel 100-series Consumer Skylake-S-H and Skylake). and this goes on for the other chipsets, too. so they have the same driver and different firmwares, but probably a corporate could be flashed onto a consumer board and drivers be used as well. i tried it by myself once if i remember right but i advise strongly against it and im not recommending it. note: just found out samsung and asrock use the same intel flash utility / routine, its probably the same for other vendors.
Edited by soulstealer - 24 Nov 2017 at 1:33am |
|||
|
|||
|
flashback8
Newbie
Joined: 24 Nov 2017 Status: Offline Points: 9 |
Post Options
Thanks(0)
Quote Reply
Posted: 24 Nov 2017 at 1:27am |
||
|
Hello. FYI, the Intel ME update seems to break playback of Ultra HD Blu-Ray discs. I own the Fatal1ty Z370 Gaming-ITX/ac board, which is one of the few out there that can handle all the ridiculous requirements for playing UHD discs. Among other things, the Intel ME drivers are a critical part of the puzzle since they enable SGX support, which UHD discs require.
Anyway, everything was fine until I installed the updated ME drivers. Now, Cyberlink's software tells me that HDCP 2.2 (a handshake protocol over HDMI) is no longer available. I figured that I might be able to get it working again if I reinstalled Intel's graphics drivers and restarted the PC. Nope. Same issue. I need to double check the UEFI settings but I'm 99% sure nothing changed. Has anybody else had this problem? Any workarounds? I'll keep tinkering and will report back if anything changes. Thank you. |
|||
|
|||
|
soulstealer
Newbie
Joined: 30 Sep 2016 Location: Hon Status: Offline Points: 76 |
Post Options
Thanks(0)
Quote Reply
Posted: 24 Nov 2017 at 1:31am |
||
ill probably update firmware and drivers in an hour or so. where did you get your drivers and firmware update from? i want to add that intel recommends a certain uninstall routine, but for mainstream users it should not be important. you can still check here. https://www.intel.com/content/dam/support/us/en/documents/technologies/intel-active-management-technology-intel-amt/Firmware_Deployment_Process-Rev1.0.pdf use the sa-00075 command line tool from the installation for the following: sa-00075: ********* note: ***** The procedural steps for implementing the mitigation are as follows: 1. Unprovision the Intel manageability SKU system. This is necessary to mitigate the network privilege escalation vulnerability and remove any configuration changes an unprivileged attacker could have made prior to mitigation. 2. Update the impacted systems with firmware obtained from your OEM that addresses this issue. 3. Re-provision Intel manageability SKU with your existing manageability / configuration console. important: run from windows cmd-console with administrator privileges 1. download detection and mitigation tool and install it (run to check vulnerability) https://downloadcenter.intel.com/download/26755/INTEL-SA-00075-Detection-and-Mitigation-Tool 2. unprovision (run from installation folder of sa-00075 tool) Intel-SA-00075-console.exe -Unprovision 3. disable lms Intel-SA-00075-console.exe -DisableLMS Edited by soulstealer - 24 Nov 2017 at 1:52am |
|||
|
|||
|
Montoya
Newbie
Joined: 01 Feb 2016 Status: Offline Points: 26 |
Post Options
Thanks(0)
Quote Reply
Posted: 24 Nov 2017 at 4:00am |
||
Replace the words "mother board" with "Car"..... If there are security issues with a part from my car, that is manufactured by a parts supplier of my car manufacturer, then my car manufacturer is responsible for fixing this issue for the endconsumer by doing a recall for all those cars affected..... So Asrock must take action in my opinion, providing a solution/guide eventually to their endconsumers with affected products.
Edited by Montoya - 24 Nov 2017 at 5:53am |
|||
|
Fatal1ty Z170 Gaming-ITX/ac, Intel i5-6500, Kingston HyperX Fury 16GB, Samsung 950 Pro 512GB, Fractal Design Core 500, Win10 Pro X64
|
|||
|
|||
|
Post Reply
|
Page <12345 8> |
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
Topic Options
J Z wrote: