Intel CSME, SPS, TXE, DAL, and Intel AMT 2019.1 QSR Advisory - July 1

Page 1 of 5 123 ... LastLast
    Intel CSME, SPS, TXE, DAL, and Intel AMT 2019.1 QSR Advisory - July 1

    Intel CSME, SPS, TXE, DAL, and Intel AMT 2019.1 QSR Advisory - July 1


    Last Updated: 3 Weeks Ago at 14:05
    UPDATE 1/21: Intel Converged Security and Management Engine (Intel CSME) Detection Tool


    Intel ID: INTEL-SA-00213
    Advisory Category: Firmware, Software
    Impact of vulnerability: Escalation of Privilege, Denial of Service, Information Disclosure
    Severity rating: HIGH
    Original release: 05/14/2019
    Last revised: 04/14/2020

    Summary:

    Multiple potential security vulnerabilities in Intel® Converged Security & Management Engine (Intel® CSME), Intel® Server Platform Services (Intel® SPS), Intel® Trusted Execution Engine Interface (Intel® TXE), Intel® Dynamic Application Loader (Intel® DAL), and Intel® Active Management Technology (Intel® AMT) may allow escalation of privilege, information disclosure, and/or denial of service. Intel is releasing Intel® CSME, Intel® SPS, Intel® TXE, and Intel® AMT updates to mitigate these potential vulnerabilities.

    Vulnerability Details:

    CVEID: CVE-2019-0089
    Description: Improper data sanitization vulnerability in subsystem in Intel(R) SPS before versions SPS_E5_04.00.04.381.0, SPS_E3_04.01.04.054.0, SPS_SoC-A_04.00.04.181.0, and SPS_SoC-X_04.00.04.086.0 may allow a privileged user to potentially enable escalation of privilege via local access.
    CVSS Base Score: 8.1 High
    CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H

    CVEID: CVE-2019-0090
    Description: Insufficient access control vulnerability in subsystem for Intel(R) CSME versions 11.x, Intel(R) CSME version 12.0.35, Intel(R) TXE versions 3.x, 4.x, Intel(R) Server Platform Services versions 3.x, 4.x, before SPS_E3_05.01.03.094.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
    CVSS Base Score: 7.1 High
    CVSS Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

    CVEID: CVE-2019-0086
    Description: Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.
    CVSS Base Score: 7.8 High
    CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    CVEID: CVE-2019-0091
    Description: Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.
    CVSS Base Score: 6.6 Medium
    CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

    CVEID: CVE-2019-0092
    Description: Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
    CVSS Base Score: 6.8 Medium
    CVSS Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    CVEID: CVE-2019-0093
    Description: Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.01.03.094.0 may allow a privileged user to potentially enable information disclosure via local access.
    CVSS Base Score: 2.3 Low
    CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

    CVEID: CVE-2019-0094
    Description: Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable denial of service via adjacent network access.
    CVSS Base Score: 4.3 Medium
    CVSS Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

    CVEID: CVE-2019-0096
    Description: Out of bound write vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an authenticated user to potentially enable escalation of privilege via adjacent network access.
    CVSS Base Score: 6.7 Medium
    CVSS Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H

    CVEID: CVE-2019-0097
    Description: Insufficient input validation vulnerability in subsystem for Intel(R) AMT before version 12.0.35 may allow a privileged user to potentially enable denial of service via network access.
    CVSS Base Score: 4.9 Medium
    CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

    CVEID: CVE-2019-0098
    Description: Logic bug vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
    CVSS Base Score: 5.7 Medium
    CVSS Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

    CVEID: CVE-2019-0099
    Description: Insufficient access control vulnerability in subsystem in Intel(R) SPS before version SPS_E3_05.01.03.094.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
    CVSS Base Score: 5.7 Medium
    CVSS Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

    CVEID: CVE-2019-0153
    Description: Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
    CVSS Base Score: 9.0 Critical
    CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

    CVEID: CVE-2019-0170
    Description: Buffer overflow in subsystem in Intel(R) DAL before version 12.0.35 may allow a privileged user to potentially enable escalation of privilege via local access.
    CVSS Base Score: 8.2 High
    CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

    Affected Products:

    Intel® CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35

    Intel® CSME, Intel® Active Management Technology, and Intel® DAL
    Updated Intel® CSME Firmware Version Replaces Intel® CSME Firmware Version
    11.8.65 11.0 thru 11.8.60
    11.11.65 11.10 thru 11.11.60
    11.22.65 11.20 thru 11.22.60
    12.0.35 12.0 thru 12.0.20

    Intel® Server Platform Services before versions SPS_E3_05.01.03.094.0, SPS_E5_04.00.04.381.0 and SPS_E5_04.01.04.054.0

    Intel® Server Platform Services
    Updated Intel® Server Platform Services Firmware Version Replaces Intel® Server Platform Services Firmware Version
    SPS_E3_05.01.03.094.0, SPS_SoC-A_04.00.04.181.0 and SPS_SoC-X_04.00.04.086.0 SPS_E3_05.00.00.000.0 thru SPS_E3_05.00.04.027.0, SPS_SoC-A_04.00.00.000.0 thru SPS_SoC-A_04.00.04.177.0
    SPS_E5_04.00.04.381.0 SPS_E5_04.00.00 through SPS_E5_04.00.03
    SPS_E5_04.01.04.054.0 SPS_E5_04.01.00 through SPS_E5_04.01.03

    Intel® Trusted Execution Engine before TXE 3.1.65, 4.0.15

    Intel® Trusted Execution Engine
    Updated Intel® Trusted Execution Engine Firmware Version Replaces Intel® Trusted Execution Engine Firmware Version
    3.1.65 3.0 thru 3.1.50
    4.0.15 4.0 thru 4.0.5

    Note: Firmware versions of Intel® ME 3.x thru 10.x, Intel® TXE 1.x thru 2.x and Intel® Server Platform Services 1.x thru 2.X are no longer supported, thus were not assessed for the vulnerabilities/CVEs listed in this Technical Advisory. There is no new release planned for these versions.

    Recommendations:

    Intel recommends that users of Intel® CSME, Intel® SPS, Intel® TXE, Intel® DAL, and Intel® AMT update to the latest version provided by the system manufacturer that addresses these issues.

    Consult updated security guidance for CVE-2019-0090 published here. Additional information on this vulnerability can be found in the CVE-2019-0090 Technical Whitepaper here.

    Acknowledgements:

    Intel would like to thank Lasse Trolle Borup of Langkjaer Cyber Defence (CVE-2019-0086) for reporting this issue. CVE-2019-0090 was found externally by an Intel partner.

    The additional issues were found internally by Intel employees. Intel would like to thank Alex Gutkin, Arie Haenel, Michael Henry, Moshe Wagner, Tikvah Katz, Yaakov Cohen and Yair Netzer.

    Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

    Revision History

    Revision Date Description
    1.0 05/14/2019 Initial Release
    1.1 05/20/2019 CVE correction
    1.2 07/01/2019 Updated Affected Products
    1.3 02/11/2020 Updates to CVE-2019-0090, recommendations and acknowledgements
    1.4 02/14/2020 Clarified versions in CVE-2019-0090
    1.5 03/11/2020 Updates to SPS versions in:
    • CVE-2019-0090, CVE-2019-0093, CVE-2019-0099.
    • Affected products section.
    1.6 04/14/2020 Updates to affected SPS versions

    Updates to the recommendation; added link to the Technical whitepaper for CVE-2019-0090

    Source: https://www.intel.com/content/www/us...-sa-00213.html
    Brink's Avatar Posted By: Brink
    17 May 2019


  1. Posts : 111
    Windows 10 Pro 1903
       #1

    The best way to get the latest firmware is to check station-drivers Firmwares

    CAUTION: Unless you know what are you doing, DON'T update the firmware
      My Computer

  2. Cliff S's Avatar
    Posts : 25,667
    Win10 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #2

    ROG Boards ME Firmware Downloads

    [FIRMWARE] INTEL ME (Z390)
    [FIRMWARE] Intel ME (Z390)

    [FIRMWARE] Intel ME (Z170/Z270/Z370)
    [FIRMWARE] Intel ME (Z170/Z270/Z370)


    [FIRMWARE] Intel ME (X299)
    [FIRMWARE] Intel ME (X299)
    Last edited by Cliff S; 18 May 2019 at 09:21.
      My Computers

  3. Cliff S's Avatar
    Posts : 25,667
    Win10 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #3

    Wanna see what ME Firmware can do?
    Code:
    Intel(R) MEInfo Version: 11.8.60.3561
    Copyright(C) 2005 - 2018, Intel Corporation. All rights reserved.
    
    
    
    Intel(R) ME code versions:
    
    BIOS Version                                 1901
    MEBx Version                                 0.0.0.0000
    GbE Version                                  0.2
    Vendor ID                                    8086
    PCH Version                                  0
    FW Version                                   11.8.65.3590 H
    Security Version (SVN)                       3
    LMS Version                                  1907.12.0.1224
    MEI Driver Version                           1914.12.0.1256
    Wireless Hardware Version                    Not Available
    Wireless Driver Version                      Not Available
    
    FW Capabilities                              0x31111540
    
            Intel(R) Capability Licensing Service - PRESENT/ENABLED
            Protect Audio Video Path - PRESENT/ENABLED
            Intel(R) Dynamic Application Loader - PRESENT/ENABLED
            Intel(R) Platform Trust Technology - PRESENT/ENABLED
    
    Re-key needed                                False
    Platform is re-key capable                   True
    TLS                                          Disabled
    Last ME reset reason                         Firmware reset
    Local FWUpdate                               Enabled
    BIOS Config Lock                             Enabled
    GbE Config Lock                              Enabled
    Host Read Access to ME                       Enabled
    Host Write Access to ME                      Disabled
    Host Read Access to EC                       Disabled
    Host Write Access to EC                      Disabled
    SPI Flash ID 1                               C22018
    SPI Flash ID 2                               Unknown
    BIOS boot State                              Post Boot
    OEM ID                                       00000000-0000-0000-0000-000000000000
    Capability Licensing Service                 Enabled
    OEM Tag                                      0x00000000
    Slot 1 Board Manufacturer                    0x00000000
    Slot 2 System Assembler                      0x00000000
    Slot 3 Reserved                              0x00000000
    M3 Autotest                                  Disabled
    C-link Status                                Disabled
    Independent Firmware Recovery                Disabled
    EPID Group ID                                0x1FE3
    LSPCON Ports                                 None
    5K Ports                                     None
    OEM Public Key Hash FPF                      0000000000000000000000000000000000000000000000000000000000000000
    OEM Public Key Hash ME                       0000000000000000000000000000000000000000000000000000000000000000
    ACM SVN FPF                                  0x0
    KM SVN FPF                                   0x0
    BSMM SVN FPF                                 0x0
    GuC Encryption Key FPF                       0000000000000000000000000000000000000000000000000000000000000000
    GuC Encryption Key ME                        0000000000000000000000000000000000000000000000000000000000000000
    
                                                 FPF                      ME
                                                 ---                      --
    Force Boot Guard ACM                         Disabled                 Disabled
    Protect BIOS Environment                     Disabled                 Disabled
    CPU Debugging                                Enabled                  Enabled
    BSP Initialization                           Enabled                  Enabled
    Measured Boot                                Disabled                 Disabled
    Verified Boot                                Disabled                 Disabled
    Key Manifest ID                              0x0                      0x0
    Enforcement Policy                           0x0                      0x0
    PTT                                          Enabled                  Enabled
    PTT Lockout Override Counter                 0x0
    EK Revoke State                              Revoked
    PTT RTC Clear Detection FPF                  0x0
    
    Press any key to continue . . .

    Intel CSME, SPS, TXE, DAL, and Intel AMT 2019.1 QSR Advisory - July 1-image.png
      My Computers

  4. Cliff S's Avatar
    Posts : 25,667
    Win10 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #4

    Updated post #2 for ROG boards, there is now an extra thread for Z390 ME & PMC firmware.
      My Computers

  5. Cliff S's Avatar
    Posts : 25,667
    Win10 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #5

    Something interesting about ME firmware flashing I learned about from a post by MoKiChU at ROG forums:

    The Intel ME firmware consists of 2 parts, one CODE (global) and the other DATA (manufacturer specific). The Intel tool used to flash the Intel ME firmware (FWUpdLcl64.exe) only flashes the CODE part, the DATA portion is not affected and remains as ASUS has configured on the latest flashed BIOS.
      My Computers

  6. Cliff S's Avatar
    Posts : 25,667
    Win10 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #6

    New version of Intel® Converged Security and Management Engine (Intel® CSME) Detection Tool
    Version: 2.0.6.0 (Latest) Date: 11/14/2019
    Download Intel(R) Converged Security and Management Engine (Intel(R) CSME) Detection Tool

    Intel CSME, SPS, TXE, DAL, and Intel AMT 2019.1 QSR Advisory - July 1-image.png
      My Computers

  7. krzemien's Avatar
    Posts : 700
    Windows 10 Home x64
       #7

    Thanks very much - and quelle surprise!

    Intel CSME, SPS, TXE, DAL, and Intel AMT 2019.1 QSR Advisory - July 1-image.png

    What's the culprit here exactly? My IME is up to date (Version: 1909.12.0.1236)?

    Download Intel(R) Management Engine Driver for Windows 8.1* and Windows(R) 10

    And I did not locate any such offending version (11.8.55.3510) of Intel's driver (yet)?

    EDITED TO ADD: Unless it's the whole IME Firmware that's vulnerable, swell...

    EDITED TO ADD FURTHER: So it looks that I missed this chappy back in May?

    https://support.hp.com/us-en/drivers...Id/ob-233585-1

    Alas! System still remains vulnerable...

    Intel CSME, SPS, TXE, DAL, and Intel AMT 2019.1 QSR Advisory - July 1-image.png

    It will be interesting to see if HP issues an update.
    Last edited by krzemien; 16 Nov 2019 at 03:00. Reason: UPDATED INFORMATION ADDED
      My Computers

  8. Cliff S's Avatar
    Posts : 25,667
    Win10 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #8

    krzemien said:
    Thanks very much - and quelle surprise!


    What's the culprit here exactly? My IME is up to date (Version: 1909.12.0.1236)?

    .
    It's not the MEI driver only(in device manager), it's the Intel ME firmware(on a chip on the motherboard) you get with a BIOS update through the manufactures site, or if lucky someone in their forums creates an update tool like in ROG forums.

    Also, actions needed:
    This system is not vulnerable. It has already been patched. : OK

    This system is vulnerable. : You need to update your Intel MEI driver then update your Intel ME firmware :

    Intel CSME, SPS, TXE, DAL, and Intel AMT 2019.1 QSR Advisory - July 1-image.png
    Intel CSME, SPS, TXE, DAL, and Intel AMT 2019.1 QSR Advisory - July 1-image.png
      My Computers

  9. krzemien's Avatar
    Posts : 700
    Windows 10 Home x64
       #9

    Yup, I figured (well, recalled, it's been a while since I had to update ME Firmware) it out already.

    As far as I can say HP issues (or: used to issue) exactly the same firmware package for quite a few of their PC lines:

    https://support.hp.com/soar-attachme...eleasedoc.html

    So as long as Sky Lake still remains supported by them, I should be fine and should get it soon.

    Thanks again for sober reminder nevertheless!
      My Computers


 
Page 1 of 5 123 ... LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 22:23.
Find Us




Windows 10 Forums