Intel Issues Updates to Protect Systems from Security Exploits

Cliff S said:

Don't look for a driver, that has nothing to do with it, it is a firmware, part of the UEFI BIOS for your specific motherboard.
In Shawn's first post on this thread, he has a link to the current SA 00086 checker(last link at the end of the post).Version: 1.0.0.152 (Latest) Date: 12/19/2017

   Note

If you have updated your BIOS and the tool say's you are still vulnerable. Restart your PC, and as soon as you get back to the desktop, run the tool again before all your system tray programs and services are loaded. It can be that some of your software is causing a false positive.

In continuing to look into this Intel problem and the Asus Z170-Pro the problem I have is this page at Asus shows the problem to be solved through "update by ME tool" but the tool application will not run but invokes a message "can't open AsIO.sys !! (2)". The only Asus software I have on this machine is for the sound card. May need to uninstall that first before this program will run. I'll check that later and reply here on what I find but going out now.

wordsworth said:

In continuing to look into this Intel problem and the Asus Z170-Pro the problem I have is this page at Asus shows the problem to be solved through "update by ME tool" but the tool application will not run but invokes a message "can't open AsIO.sys !! (2)". The only Asus software I have on this machine is for the sound card. May need to uninstall that first before this program will run. I'll check that later and reply here on what I find but going out now.

Yes I tried that to run this too. The instructions are so vague as to what to do. I’m not on pc at moment but I chose something to run, it might of been something like MEupdate.exe, there were numerous files extracted but that sounded the right one. But it errored out, can’t remember the message but it was different to your one.

Hi,

Do you realize how many different variations of motherboards use the same chipset alone? If that sort of thing happened where Microsoft tried to push out a microcode update to all the different motherboard chipsets/models, how many do you think would end up bricked? One would be too many, but you can bet that it would number in thousands (if not hundreds of thousands or millions even).

These micro code updates are for CPU's, not motherboards or their chipsets actually. Microsoft also already updates micro codes through WU service.
Now for who has to update these is open for debate but in this particular case I know Intel's partners will handle their share of it through their support services.

Cheers,

stormy13 said:

That's just it, it is their devices. It is not now and never should be up to Microsoft to be updating the microcode on any device but their own.

Do you realize how many different variations of motherboards use the same chipset alone? If that sort of thing happened where Microsoft tried to push out a microcode update to all the different motherboard chipsets/models, how many do you think would end up bricked? One would be too many, but you can bet that it would number in thousands (if not hundreds of thousands or millions even).

Even so, there are still major issues users are experiencing. Just go to Microsoft's own community forms and you'll see the postings mounting since Jan 3 when their update was first pushed out. I still haven't heard or read that Microsoft has even acknowledge their update is failing for many people.

stormy13 said:

That's just it, it is their devices. It is not now and never should be up to Microsoft to be updating the microcode on any device but their own.

Do you realize how many different variations of motherboards use the same chipset alone? If that sort of thing happened where Microsoft tried to push out a microcode update to all the different motherboard chipsets/models, how many do you think would end up bricked? One would be too many, but you can bet that it would number in thousands (if not hundreds of thousands or millions even).

It might cause problems. But if Intel and Microsoft think that most people are actually going to do the update on their own, then they're completely delusional.

Hi,

"update by ME tool" but the tool application will not run but invokes a message "can't open AsIO.sys !! (2)"

That driver is part of Asus' ROG AI Suite which throws an error. No idea why it would do that when you update the MEI firmware.

Cheers,

Getting a little confused. I have an old Asus X99-A with the latest BIOS date of 12/4/17 which I updated a couple of weeks ago. I have an i7-5820K. Just wondering why when I ran the detection tool, it came back that I was not vulnerable. I made sure I was running the latest detection tool and ran it again. Ran the GUI and the console version of the tool. I am probably missing something, but I wonder why it's telling me I'm okay.

Hi,

You flashed the bios which had a time stamp of 12/4/2017. Assuming the tool you ran was Intel's SA00086 it now tells you the machine is no longer vulnerable as far as the MEI part goes.

In order to know wether it's secure for the other threats (Spectre and Meltdown) you need to run the Powershell commands that have been discussed here.

This thread would be more pertinent to your question:

Flaws found in Intel Management Engine (ME), TXE and SPS

Cheers,

Yes it was Intel's SA00086. Thanks for the link.

Updated with the Gigabyte Intel Update Utility (12/21/17) and the Powershell script shows still vulnerable.