Intel sa_00086 vulnerability

Just learned of this new threat vector, ran Intel's scan. This was the output:
Manufacturer: AAEON
Model: UP-APL01
Processor Name: Intel(R) Pentium(R) CPU N4200 @ 1.10GHz
OS Version: Ubuntu 17.10 artful (4.13.0-17-generic)
*** Intel(R) ME Information ***
Engine: Intel(R) Trusted Execution Engine
Version: 3.0.13.1144
SVN: 0
*** Risk Assessment ***
Based on the analysis performed by this tool: This system is vulnerable.
Explanation:
The detected version of the Intel(R) Trusted Execution Engine firmware is considered vulnerable for INTEL-SA-00086.
Contact your system manufacturer for support and remediation of this system.
For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
So I'm wondering what steps to take.
Edit two weeks later:
Hard to believe in this day and time that UP/AAEON won't even comment on this!?
Comments
INTEL-SA-00086 Detection Tool
Copyright(C) 2017, Intel Corporation, All rights reserved
Application Version: 1.0.0.128
Scan date: 2017-11-22 07:27:25 GMT
*** Host Computer Information ***
Name: delicode-4H4SF26701
Manufacturer: AAEON
Model: UP-CHT01
Processor Name: Intel(R) Atom(TM) x5-Z8350 CPU @ 1.44GHz
OS Version: ubilinux 4.0 dolcetto (4.9.45-ubilinux+)
*** Risk Assessment ***
Detection Error: This system may be vulnerable, please install the Intel(R) MEI/TXEI driver (available from your system manufacturer).
For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
Delicode Ltd - https://www.delicode.com/
https://up-community.org/forum/public-up2hw/2291-deactivation-of-intel-management-engine
This is a very critical situation for all vendors; it seems they are waiting for Intel on what to do.
Seems that even a disabled ME can be used to exploit a machine because AMT is needed for booting the CPU.
We are working on validation of BIOS 3.0, which is going to fix this security problem.
Hopefully, we can release by early next week.
BR
Aling
It's mid-January now; when is the new BIOS available?
@Jochen Hoff BIOS fix is released. https://downloads.up-community.org/download/up-squared-uefi-bios-v3-3/