ASRock.com Homepage
Forum Home Forum Home > Technical Support > Intel Motherboards
  New Posts New Posts RSS Feed - Intel Management Engine vulnerability SA-00086
  FAQ FAQ  Forum Search Search  Events   Register Register  Login Login

Intel Management Engine vulnerability SA-00086

 Post Reply Post Reply Page  123 8>
Author
Message
Arukado_ View Drop Down
Newbie
Newbie


Joined: 22 Nov 2017
Status: Offline
Points: 12
Post Options Post Options   Thanks (0) Thanks(0)   Quote Arukado_ Quote  Post ReplyReply Direct Link To This Post Topic: Intel Management Engine vulnerability SA-00086
    Posted: 22 Nov 2017 at 3:19am
Hello all,

can we have official statment from Asrock about Intel® Management Engine vulnerability (Intel-SA-00086)??
I searched for it today in google and only thing that I found related to asrock is post on win-raid forum in which some guy calims that he got response from asrock and it does'nt looks good.

https://www.win-raid.com/t596f39-Intel-Management-Engine-Drivers-Firmware-amp-System-Tools-232.html#msg43790

Thanks for your mail to remind us about the call to action from Intel.
We are aware that Intel has recently suggested ODM/user/MB Manufacture to update the corresponding ME version to fix the security flaw in their Management Engine (ME).
According to Intel's announcement, this flaw only appears in ?�Corporate ME??which with AMT function.
As ours H97 Pro4 Motherboard is using the ?�Consumer ME??in our BIOS code, so there's no such concern on this case.
Please don't worry about it.


So since my Asrock Z170M Extreme4 is detected as affected and vulnerable.

That's propably because this vulnerability is related to IME not only to "Corporate ME" and even Lenovo made a lot of patche to their pc / latops so imho this post is fake or just some unexperinced person form support made this reply so please Asrock let us know when we recive paches.


Intel detection tool:
https://downloadcenter.intel.com/download/27150

Intel vulnerability site:
https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

Kind regards


Edited by Arukado_ - 22 Nov 2017 at 3:21am
Back to Top
daddyo View Drop Down
Newbie
Newbie
Avatar

Joined: 30 Oct 2017
Status: Offline
Points: 54
Post Options Post Options   Thanks (0) Thanks(0)   Quote daddyo Quote  Post ReplyReply Direct Link To This Post Posted: 22 Nov 2017 at 10:33am
All computers based on intel 6th, 7th, and 8th gen. are affected. That means all Skylake, Kaby Lake, and Coffee Lake based computers, and others as well.

This is a serious security flaw that needs addressing.
Back to Top
parsec View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 May 2015
Location: USA
Status: Offline
Points: 4996
Post Options Post Options   Thanks (0) Thanks(0)   Quote parsec Quote  Post ReplyReply Direct Link To This Post Posted: 22 Nov 2017 at 12:35pm
Originally posted by Arukado_ Arukado_ wrote:

Hello all,

can we have official statment from Asrock about Intel® Management Engine vulnerability (Intel-SA-00086)??
I searched for it today in google and only thing that I found related to asrock is post on win-raid forum in which some guy calims that he got response from asrock and it does'nt looks good.

https://www.win-raid.com/t596f39-Intel-Management-Engine-Drivers-Firmware-amp-System-Tools-232.html#msg43790

Thanks for your mail to remind us about the call to action from Intel.
We are aware that Intel has recently suggested ODM/user/MB Manufacture to update the corresponding ME version to fix the security flaw in their Management Engine (ME).
According to Intel's announcement, this flaw only appears in ?�Corporate ME??which with AMT function.
As ours H97 Pro4 Motherboard is using the ?�Consumer ME??in our BIOS code, so there's no such concern on this case.
Please don't worry about it.


So since my Asrock Z170M Extreme4 is detected as affected and vulnerable.

That's propably because this vulnerability is related to IME not only to "Corporate ME" and even Lenovo made a lot of patche to their pc / latops so imho this post is fake or just some unexperinced person form support made this reply so please Asrock let us know when we recive paches.


Intel detection tool:
https://downloadcenter.intel.com/download/27150

Intel vulnerability site:
https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

Kind regards


Why are you asking a mother board manufacture about a problem with a product they do not manufacture or sell?

Why is a mother board manufacture responsible for any potential or existing flaw in a product they have not designed, manufactured, or marketed?

Any fix for this situation can only come from Intel. A mother board manufacture cannot and should not speak for Intel about this situation. Intel is the best and only true source for any information about this situation.

Have you posted a question in Intel's processor forum about this?

Back to Top
Arukado_ View Drop Down
Newbie
Newbie


Joined: 22 Nov 2017
Status: Offline
Points: 12
Post Options Post Options   Thanks (0) Thanks(0)   Quote Arukado_ Quote  Post ReplyReply Direct Link To This Post Posted: 22 Nov 2017 at 5:00pm
Originally posted by parsec parsec wrote:



Why are you asking a mother board manufacture about a problem with a product they do not manufacture or sell?

Why is a mother board manufacture responsible for any potential or existing flaw in a product they have not designed, manufactured, or marketed?

Any fix for this situation can only come from Intel. A mother board manufacture cannot and should not speak for Intel about this situation. Intel is the best and only true source for any information about this situation.

Have you posted a question in Intel's processor forum about this?



Have you read anything on Intel's website about this vulnerability?
I don't think so Intel is aware of this vulnerability and the solution is to upgrade ME to newer version which can be done by BIOS upgrade i think.
Dell and Lenovo already made a statement about this and working on new BIOS / firmware updates.

Originally posted by Intel Intel wrote:


Contact your system manufacturer to obtain updates for impacted systems.


There's no problem with Intel's processor it's a problem with Intel's chipset and moreover firmware update should be deployed by system manufacturers as Intel said.
So instead of being smart-ass and telling me to post something on Intel forum maybe next time read the whole post and then research topic a little more cos as I wrote in my first post Intel already told us to go to ours system manufacturers and Dell and Lenovo respond quickly.

Furthermore why "we" and by "we" I ment users have to deal with this kind of attitude from manufacturers? I should not care which problem is this Intel's or Asrock's! This two company should talk with each other and give theirs customers working solution.

More topics about this vulnerability occured on internet:
https://rog.asus.com/forum/showthread.php%3F97618-When-will-we-see-firmware-updates-for-INTEL-SA-00086-for-X299

http://www.ocdrift.com/gigabyte-implements-safety-measures-against-intel-me-and-txe-security-vulnerabilities/






Back to Top
J Z View Drop Down
Groupie
Groupie
Avatar

Joined: 09 Sep 2016
Location: Germany
Status: Offline
Points: 961
Post Options Post Options   Thanks (0) Thanks(0)   Quote J Z Quote  Post ReplyReply Direct Link To This Post Posted: 22 Nov 2017 at 9:10pm
Hello,

see -> http://forum.asrock.com/forum_posts.asp?TID=6676&title=wichtig-intel-mei-firmware-v118503425
Kind Regards,
JZ

https://shop.JZelectronic.de - Der Shop mit ausgesuchter ASRock Profi Hardware

https://www.facebook.com/asrock.de
Back to Top
Arukado_ View Drop Down
Newbie
Newbie


Joined: 22 Nov 2017
Status: Offline
Points: 12
Post Options Post Options   Thanks (0) Thanks(0)   Quote Arukado_ Quote  Post ReplyReply Direct Link To This Post Posted: 23 Nov 2017 at 1:25am
Originally posted by J Z J Z wrote:

Hello,

see -> http://forum.asrock.com/forum_posts.asp?TID=6676&title=wichtig-intel-mei-firmware-v118503425

Thanks JZ but I'll stick to that same statment as soulstealer made on original topic:

Originally posted by soulstealer soulstealer wrote:

Which boards does the update work with? why does not asrock provide an official download on its website?


FWUpdLcl64 file is of course Intels flasher but nobody knows what is inside bin file.
As far as we know this file can by legit or it can be another type od vulnerability just pretending to be the pacht.
So if it's works Asrock should post it on their website.


Edited by Arukado_ - 23 Nov 2017 at 1:30am
Back to Top
soulstealer View Drop Down
Newbie
Newbie
Avatar

Joined: 30 Sep 2016
Location: Hon
Status: Offline
Points: 76
Post Options Post Options   Thanks (0) Thanks(0)   Quote soulstealer Quote  Post ReplyReply Direct Link To This Post Posted: 23 Nov 2017 at 1:53am
Originally posted by Arukado_ Arukado_ wrote:

Originally posted by J Z J Z wrote:

Hello,

see -> http://forum.asrock.com/forum_posts.asp?TID=6676&title=wichtig-intel-mei-firmware-v118503425

Thanks JZ but I'll stick to that same statment as soulstealer made on original topic:

Originally posted by soulstealer soulstealer wrote:

Which boards does the update work with? why does not asrock provide an official download on its website?


FWUpdLcl64 file is of course Intels flasher but nobody knows what is inside bin file.
As far as we know this file can by legit or it can be another type od vulnerability just pretending to be the pacht.
So if it's works Asrock should post it on their website.

yeah, thank you. i agree with you, this issue is not be taken lightly. i would argue that actually this is a production flaw in terms of warranty.


Edited by soulstealer - 23 Nov 2017 at 1:54am
Back to Top
japau View Drop Down
Newbie
Newbie


Joined: 06 Nov 2017
Location: FIN
Status: Offline
Points: 6
Post Options Post Options   Thanks (0) Thanks(0)   Quote japau Quote  Post ReplyReply Direct Link To This Post Posted: 23 Nov 2017 at 2:07am
Hi JZ,

Downloaded the file and followed the installation (windows64) like in youtube but it doesnt want to install on Z370 Taichi with BIOS 1.20

Error log as follows,

Error 8193: Fail to load MEI device driver (PCI access for Windows)
Above error is often caused by one of below reasons:
Administrator privilege needed for running the tool
ME is in an error state causing MEI driver fail
MEI driver is not installed

Back to Top
Arukado_ View Drop Down
Newbie
Newbie


Joined: 22 Nov 2017
Status: Offline
Points: 12
Post Options Post Options   Thanks (0) Thanks(0)   Quote Arukado_ Quote  Post ReplyReply Direct Link To This Post Posted: 23 Nov 2017 at 2:09am
Originally posted by japau japau wrote:

Hi JZ,

Administrator privilege needed for running the tool

Some hint in there. Did you run it with admin priviliges?
Back to Top
daddyo View Drop Down
Newbie
Newbie
Avatar

Joined: 30 Oct 2017
Status: Offline
Points: 54
Post Options Post Options   Thanks (0) Thanks(0)   Quote daddyo Quote  Post ReplyReply Direct Link To This Post Posted: 23 Nov 2017 at 2:09am
It was surprising to see how patronizing a moderator was regarding this issue. For those who have NOT read Intel's statement yet, they clearly have placed the initiative to resolve this serious security hole on the OEM providers, which Asrock would be in the case of motherboards.

Considering that any consumer Intel CPU made since fall of 2015 is affected, you can expect there will be attempts to make use of this vulnerability wherever it is unpatched. 

I await Asrock's official response.


-- Edit-- 

I did notice on their website that ME engine and CPU microcode updates have been released on some server motherboards, and 300 series chipset based motherboards... I hope more will come! I just bought my z270 extreme4 a month ago. I would expect them to issue updates for 200 and 100 series motherboards as well.


Edited by daddyo - 23 Nov 2017 at 2:29am
Back to Top
 Post Reply Post Reply Page  123 8>
  Share Topic   

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.04
Copyright ©2001-2021 Web Wiz Ltd.

This page was generated in 0.250 seconds.