Intel sa_00086 vulnerability
Brian Robbins
New Member Posts: 4 ✭
Just learned of this new threat vector, ran intel's scan. This was output :
Manufacturer: AAEON
Model: UP-APL01
Processor Name: Intel(R) Pentium(R) CPU N4200 @ 1.10GHz
OS Version: Ubuntu 17.10 artful (4.13.0-17-generic)
*** Intel(R) ME Information ***
Engine: Intel(R) Trusted Execution Engine
Version: 3.0.13.1144
SVN: 0
*** Risk Assessment ***
Based on the analysis performed by this tool: This system is vulnerable.
Explanation:
The detected version of the Intel(R) Trusted Execution Engine firmware is considered vulnerable for INTEL-SA-00086.
Contact your system manufacturer for support and remediation of this system.
For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
So I'm wondering what steps to take.
Edit two weeks later:
Hard to believe in this day and time that UP/AAEON won't even comment on this!?
Manufacturer: AAEON
Model: UP-APL01
Processor Name: Intel(R) Pentium(R) CPU N4200 @ 1.10GHz
OS Version: Ubuntu 17.10 artful (4.13.0-17-generic)
*** Intel(R) ME Information ***
Engine: Intel(R) Trusted Execution Engine
Version: 3.0.13.1144
SVN: 0
*** Risk Assessment ***
Based on the analysis performed by this tool: This system is vulnerable.
Explanation:
The detected version of the Intel(R) Trusted Execution Engine firmware is considered vulnerable for INTEL-SA-00086.
Contact your system manufacturer for support and remediation of this system.
For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
So I'm wondering what steps to take.
Edit two weeks later:
Hard to believe in this day and time that UP/AAEON won't even comment on this!?
Comments
-
This probably isn't news, but I'm adding the standard UpBoard results in this thread as well.
INTEL-SA-00086 Detection Tool
Copyright(C) 2017, Intel Corporation, All rights reserved
Application Version: 1.0.0.128
Scan date: 2017-11-22 07:27:25 GMT
*** Host Computer Information ***
Name: delicode-4H4SF26701
Manufacturer: AAEON
Model: UP-CHT01
Processor Name: Intel(R) Atom(TM) x5-Z8350 CPU @ 1.44GHz
OS Version: ubilinux 4.0 dolcetto (4.9.45-ubilinux+)
*** Risk Assessment ***
Detection Error: This system may be vulnerable, please install the Intel(R) MEI/TXEI driver (available from your system manufacturer).
For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-frDelicode Ltd - https://www.delicode.com/
-
Can someone at UP/AAEON comment? I've stopped using my Up boards til we get a fix.
-
I asked thiy Question one month ago.
https://up-community.org/forum/public-up2hw/2291-deactivation-of-intel-management-engine
This is a very critical Situation for all Vendors, seems they are waiting for Intel what to do.
Seems that even a disabled ME can be used to exploit a machine because AMT is needed for booting the CPU. -
Hello,
We are working on validation of BIOS3.0, which is going to fix this security problem.
Hopefully, we can release by early next week.
BR
Aling -
Its Mid January now, when is the new Bios available?
-
