Intel Issues Updates to Protect Systems from Security Exploits
-
Hmmm. I tried the detection tool again and it still says vulnerable. I have not though been successful installing the ME update Asus speaks of in their BIOS page and this because I cannot find this driver they refer to. I think I'm done for now though. This is what the page says at Asus:
Version -2017/11/223.71 MBytesMEUpdateTool
Intel has identified security issue that could potentially place impacted platform at risk. Use ME Update tool to update your ME.
*We suggest you update ME Driver to the latest Version 11.7.0.1040 simultaneously.
Please download the file and check the MD5 code first.
MD5: 6d3df63d6fe7019f956e91aeb6bc9410"
Is this a fresh downloaded version of the tool from the Intel site?
It has been updated lately.
-
-
Hi,
I have not though been successful installing the ME update Asus speaks of in their BIOS page and this because I cannot find this driver they refer to
It's not a driver but a firmware update contained in the bios update. If the bios/uefi flash was successful then your machine should now pas the MEI test form Intel.
Cheers,
-
It’s totally confusing. Mine is an ASUS Z170 pro gaming on old 2015 BIOS 0802. Struggling to grasp exactly what is needed to be done. There are references to BIOS, references to management engine interface. I’ve seen that things need to be done in specific order somewhere too. I’m sure the average computer user has little chance of figuring this out. I don’t think I am prepared to mess about with things like the BIOS so Intel and MS really need to sort this out fully via a software/windows update full fix.
I know it’s a different thing but there was a big fuss at start of 2016 over skylake and some kind of bug requiring an urgent microcode fix through BIOS updates from motherboard manufacturers. I never applied it choosing to stay with the BIOS shipped and my machine has never stuttered or had a problem because of this. I kind of wonder if the BIOS / interface updates maybe overkill for the average user
You really need to update your BIOS. It can be a nervous thing to do but it really isn't all that difficult. In sum you download and put the .CAP file on a thumb drive and apply the BIOS to the computer.
1. Go to the Asus webpage for your Pro Gaming board by typing in the Bing search engine Asus Z170 Pro Gaming and click Support on that page. Click Drivers and Tools then select your operating system Windows 10 64 bit. Scroll down and under BIOS click See All Downloads. Click download for the Version 3501 and after downloading put a USB thumb drive in your computer.
2. Right click on the directory Asus Z170 3501 created and use the Extract all command then go to that directory and copy the .CAP file to the USB thumb drive.
If you want to do this we can walk you through as there really isn't much more to do than to reboot with the thumb drive in the computer then as it is booting press the Delete key to go into the BIOS and a couple of steps later the computer is doing the rest.
-
Is this a fresh downloaded version of the tool from the Intel site?
It has been updated lately.
I doubt it is Cliff. I take it as Asus' way of saying you need this "latest driver," The trouble is I've tried finding a driver at Intel's website but they are all specific to a system, like Intel's NUCs. It comes down to Asus pointing to Intel, and Intel back at Asus which since the mobo manufacturers do customize things probably is where one needs to get a customized driver, unless one can find a driver alone. But therein lies the problem as I cannot find a stripped down version of this driver, one that is a generic driver for all let us say Skylake systems.
-
-
Hi,
It's not a driver but a firmware update contained in the bios update. If the bios/uefi flash was successful then your machine should now pas the MEI test form Intel.
Cheers,
So far my system does not pass Intel's software test which I ran again several moments ago. The Asus site I quoted above refers to a specific driver, 11.7.0.1040, but then offers no help in finding this driver at Intel's site. Some sites like softpedia offer it but first you get Driver Genius type stuff and I don't go there. Like Cliff said I think I've done all the damage I can. At least for today.
-
You really need to update your BIOS. It can be a nervous thing to do but it really isn't all that difficult. In sum you download and put the .CAP file on a thumb drive and apply the BIOS to the computer.
1. Go to the Asus webpage for your Pro Gaming board by typing in the Bing search engine Asus Z170 Pro Gaming and click Support on that page. Click Drivers and Tools then select your operating system Windows 10 64 bit. Scroll down and under BIOS click See All Downloads. Click download for the Version 3501 and after downloading put a USB thumb drive in your computer.
2. Right click on the directory Asus Z170 3501 created and use the Extract all command then go to that directory and copy the .CAP file to the USB thumb drive.
If you want to do this we can walk you through as there really isn't much more to do than to reboot with the thumb drive in the computer then as it is booting press the Delete key to go into the BIOS and a couple of steps later the computer is doing the rest.
I just tried. I copied the .CAP file to usd, went to bios, tool, ez flash utility, selected the cap file, it said ezflash, do you want to read this file? I said yes, but it says selected file is not a proper BIOS
-
I just tried. I copied the .CAP file to usd, went to bios, tool, ez flash utility, selected the cap file, it said ezflash, do you want to read this file? I said yes, but it says selected file is not a proper BIOS
First be certain the .CAP file you copied to the thumb drive came from the unzipped directory. The directory created when you downloaded the file will have a zipper on the directory icon, and the directory created when it is unzipped will have a plain windows yellow directory icon. I would delete first the .CAP file you have on the thumb drive and begin again. Meanwhile I'll go through the BIOS on my machine and see what else may have gone wrong.
-
I doubt it is Cliff. I take it as Asus' way of saying you need this "latest driver," The trouble is I've tried finding a driver at Intel's website but they are all specific to a system, like Intel's NUCs. It comes down to Asus pointing to Intel, and Intel back at Asus which since the mobo manufacturers do customize things probably is where one needs to get a customized driver, unless one can find a driver alone. But therein lies the problem as I cannot find a stripped down version of this driver, one that is a generic driver for all let us say Skylake systems.
Don't look for a driver, that has nothing to do with it, it is a firmware, part of the UEFI BIOS for your specific motherboard.
In Shawn's first post on this thread, he has a link to the current SA 00086 checker(last link at the end of the post).Version: 1.0.0.152 (Latest) Date: 12/19/2017
Versions of the INTEL-SA-00086 Detection Tool earlier than 1.0.0.146 did not check for CVE-2017-5711 and CVE-2017-5712. These CVEs only affect systems with Intel® Active Management Technology (Intel® AMT) version 8.x-10.x.
Users of systems with Intel AMT 8.x-10.x are encouraged to install version 1.0.0.146, or later. Installing this version helps to verify the status of their system with regard to the INTEL-SA-00086 Security Advisory. You can check the version of the INTEL-SA-00086 Detection Tool by running the tool and looking for the version information in the output window.
Note
If you have updated your BIOS and the tool say's you are still vulnerable. Restart your PC, and as soon as you get back to the desktop, run the tool again before all your system tray programs and services are loaded. It can be that some of your software is causing a false positive.
-
Information
you can also try it in Safe Mode as it will work
@Brink, maybe you can add this(and the note in my post above) to your first post in the correct thread:)
I just tested it.
As my PC has been on most of the day, SA_00086 started giving me the message it was vulnerable, and the reboot, and safe mode both say I'm ok,
-
-
Don't look for a driver, that has nothing to do with it, it is a firmware, part of the UEFI BIOS for your specific motherboard.
In Shawn's first post on this thread, he has a link to the current SA 00086 checker(last link at the end of the post).Version: 1.0.0.152 (Latest) Date: 12/19/2017
Note
If you have updated your BIOS and the tool say's you are still vulnerable. Restart your PC, and as soon as you get back to the desktop, run the tool again before all your system tray programs and services are loaded. It can be that some of your software is causing a false positive.
It is as you've said that I've done all I can. The latest Intel software still says this system is vulnerable whether it is a false positive I'll check later on that.