Intel CSME, SPS, TXE, DAL, and Intel AMT 2019.1 QSR Advisory - May 14

  1. Brink's Avatar
    Posts : 40,717
    64-bit Windows 10 Pro build 18932
       #1

    Intel CSME, SPS, TXE, DAL, and Intel AMT 2019.1 QSR Advisory - May 14


    Intel ID: INTEL-SA-00213
    Advisory Category: Firmware, Software
    Impact of vulnerability: Escalation of Privilege, Denial of Service, Information Disclosure
    Severity rating: HIGH
    Original release: 05/14/2019
    Last revised: 05/14/2019

    Summary:

    Multiple potential security vulnerabilities in Intel® Converged Security & Management Engine (Intel® CSME), Intel® Server Platform Services (Intel® SPS), Intel® Trusted Execution Engine Interface (Intel® TXE), Intel® Dynamic Application Loader (Intel® DAL), and Intel® Active Management Technology (Intel® AMT) may allow escalation of privilege, information disclosure, and/or denial of service. Intel is releasing Intel® CSME, Intel® SPS, Intel® TXE, and Intel® AMT updates to mitigate these potential vulnerabilities.

    Vulnerability Details:

    CVEID: CVE-2019-0089
    Description: Improper data sanitization vulnerability in subsystem in Intel(R) SPS before versions SPS_E5_04.00.04.381.0, SPS_E3_04.01.04.054.0, SPS_SoC-A_04.00.04.181.0, and SPS_SoC-X_04.00.04.086.0 may allow a privileged user to potentially enable escalation of privilege via local access.
    CVSS Base Score: 8.1 High
    CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:H/A:H

    CVEID: CVE-2019-0090
    Description: Insufficient access control vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow unauthenticated user to potentially enable escalation of privilege via physical access.
    CVSS Base Score: 7.1 High
    CVSS Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

    CVEID: CVE-2019-0086
    Description: Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.
    CVSS Base Score: 7.8 High
    CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    CVEID: CVE-2019-0091
    Description: Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.
    CVSS Base Score: 6.6 Medium
    CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

    CVEID: CVE-2019-0092
    Description: Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
    CVSS Base Score: 6.8 Medium
    CVSS Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

    CVEID: CVE-2019-0093
    Description: Insufficient data sanitization vulnerability in HECI subsystem for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow a privileged user to potentially enable information disclosure via local access.
    CVSS Base Score: 2.3 Low
    CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

    CVEID: CVE-2019-0094
    Description: Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable denial of service via adjacent network access.
    CVSS Base Score: 4.3 Medium
    CVSS Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

    CVEID: CVE-2019-0096
    Description: Out of bound write vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an authenticated user to potentially enable escalation of privilege via adjacent network access.
    CVSS Base Score: 6.7 Medium
    CVSS Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H

    CVEID: CVE-2019-0097
    Description: Insufficient input validation vulnerability in subsystem for Intel(R) AMT before version 12.0.35 may allow a privileged user to potentially enable denial of service via network access.
    CVSS Base Score: 4.9 Medium
    CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

    CVEID: CVE-2019-0098
    Description: Logic bug vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
    CVSS Base Score: 5.7 Medium
    CVSS Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

    CVEID: CVE-2019-0099
    Description: Insufficient access control vulnerability in subsystem in Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
    CVSS Base Score: 5.7 Medium
    CVSS Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

    CVEID: CVE-2019-0153
    Description: Buffer overflow in subsystem in Intel(R) CSME before version 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
    CVSS Base Score: 9.0 Critical
    CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

    CVEID: CVE-2019-0170
    Description: Buffer overflow in subsystem in Intel(R) DAL before version 12.0.35 may allow a privileged user to potentially enable escalation of privilege via local access.
    CVSS Base Score: 8.2 High
    CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

    Affected Products:

    Intel® CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35

    Intel® CSME, Intel® Active Management Technology, and Intel® DAL
    Updated Intel® CSME Firmware Version Replaces Intel® CSME Firmware Version
    11.8.65 11.0 thru 11.8.60
    11.11.65 11.10 thru 11.11.60
    11.22.65 11.20 thru 11.22.60
    12.0.35 12.0 thru 12.0.20

    Intel® Server Platform Services before versions
    SPS_E3_05.00.04.027.0

    Intel® Server Platform Services
    Updated Intel® Server Platform Services Firmware Version Replaces Intel® Server Platform Services Firmware Version
    SPS_E3_05.00.04.027.0 SPS_E3_05.00.00.000.0 thru SPS_E3_05.00.04.023.0

    Intel® Trusted Execution Engine before TXE 3.1.65, 4.0.15

    Intel® Trusted Execution Engine
    Updated Intel® Trusted Execution Engine Firmware Version Replaces Intel® Trusted Execution Engine Firmware Version
    3.1.65 3.0 thru 3.1.50
    4.0.15 4.0 thru 4.0.5

    Note: Firmware versions of Intel® ME 3.x thru 10.x, Intel® TXE 1.x thru 2.x and Intel® Server Platform Services 1.x thru 2.X are no longer supported, thus were not assessed for the vulnerabilities/CVEs listed in this Technical Advisory. There is no new release planned for these versions.

    Recommendations:

    Intel recommends that users of Intel® CSME, Intel® SPS, Intel® TXE, Intel® DAL, and Intel® AMT update to the latest version provided by the system manufacturer that addresses these issues.

    Acknowledgements:

    Intel would like to thank Lasse Trolle Borup of Langkjaer Cyber Defence (CVE-2019-0086) for reporting this issue. CVE-2019-0090 was found externally by an Intel partner.

    The additional issues were found internally by Intel employees. Intel would like to thank Alex Gutkin, Arie Haenel, Michael Henry, Moshe Wagner, Tikvah Katz, Yaakov Cohen and Yair Netzer.

    Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

    Revision History

    Revision Date Description
    1.0 05/14/2019 Initial Release

    Source: https://www.intel.com/content/www/us...-sa-00213.html
      My ComputersSystem Spec

  2.    #1

    The best way to get the latest firmware is to check station-drivers Firmwares

    CAUTION: Unless you know what are you doing, DON'T update the firmware
      My ComputerSystem Spec

  3. Cliff S's Avatar
    Posts : 24,976
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       #2

    ROG Boards ME Firmware Downloads

    [FIRMWARE] INTEL ME (Z390)
    [FIRMWARE] Intel ME (Z390)

    [FIRMWARE] Intel ME (Z170/Z270/Z370)
    [FIRMWARE] Intel ME (Z170/Z270/Z370)


    [FIRMWARE] Intel ME (X299)
    [FIRMWARE] Intel ME (X299)
    Last edited by Cliff S; 18 May 2019 at 09:21.
      My ComputersSystem Spec

  4. Cliff S's Avatar
    Posts : 24,976
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       #3

    Wanna see what ME Firmware can do?
    Code:
    Intel(R) MEInfo Version: 11.8.60.3561
    Copyright(C) 2005 - 2018, Intel Corporation. All rights reserved.
    
    
    
    Intel(R) ME code versions:
    
    BIOS Version                                 1901
    MEBx Version                                 0.0.0.0000
    GbE Version                                  0.2
    Vendor ID                                    8086
    PCH Version                                  0
    FW Version                                   11.8.65.3590 H
    Security Version (SVN)                       3
    LMS Version                                  1907.12.0.1224
    MEI Driver Version                           1914.12.0.1256
    Wireless Hardware Version                    Not Available
    Wireless Driver Version                      Not Available
    
    FW Capabilities                              0x31111540
    
            Intel(R) Capability Licensing Service - PRESENT/ENABLED
            Protect Audio Video Path - PRESENT/ENABLED
            Intel(R) Dynamic Application Loader - PRESENT/ENABLED
            Intel(R) Platform Trust Technology - PRESENT/ENABLED
    
    Re-key needed                                False
    Platform is re-key capable                   True
    TLS                                          Disabled
    Last ME reset reason                         Firmware reset
    Local FWUpdate                               Enabled
    BIOS Config Lock                             Enabled
    GbE Config Lock                              Enabled
    Host Read Access to ME                       Enabled
    Host Write Access to ME                      Disabled
    Host Read Access to EC                       Disabled
    Host Write Access to EC                      Disabled
    SPI Flash ID 1                               C22018
    SPI Flash ID 2                               Unknown
    BIOS boot State                              Post Boot
    OEM ID                                       00000000-0000-0000-0000-000000000000
    Capability Licensing Service                 Enabled
    OEM Tag                                      0x00000000
    Slot 1 Board Manufacturer                    0x00000000
    Slot 2 System Assembler                      0x00000000
    Slot 3 Reserved                              0x00000000
    M3 Autotest                                  Disabled
    C-link Status                                Disabled
    Independent Firmware Recovery                Disabled
    EPID Group ID                                0x1FE3
    LSPCON Ports                                 None
    5K Ports                                     None
    OEM Public Key Hash FPF                      0000000000000000000000000000000000000000000000000000000000000000
    OEM Public Key Hash ME                       0000000000000000000000000000000000000000000000000000000000000000
    ACM SVN FPF                                  0x0
    KM SVN FPF                                   0x0
    BSMM SVN FPF                                 0x0
    GuC Encryption Key FPF                       0000000000000000000000000000000000000000000000000000000000000000
    GuC Encryption Key ME                        0000000000000000000000000000000000000000000000000000000000000000
    
                                                 FPF                      ME
                                                 ---                      --
    Force Boot Guard ACM                         Disabled                 Disabled
    Protect BIOS Environment                     Disabled                 Disabled
    CPU Debugging                                Enabled                  Enabled
    BSP Initialization                           Enabled                  Enabled
    Measured Boot                                Disabled                 Disabled
    Verified Boot                                Disabled                 Disabled
    Key Manifest ID                              0x0                      0x0
    Enforcement Policy                           0x0                      0x0
    PTT                                          Enabled                  Enabled
    PTT Lockout Override Counter                 0x0
    EK Revoke State                              Revoked
    PTT RTC Clear Detection FPF                  0x0
    
    Press any key to continue . . .

    Click image for larger version. 

Name:	image.png 
Views:	1 
Size:	376.0 KB 
ID:	234088
      My ComputersSystem Spec

  5. Cliff S's Avatar
    Posts : 24,976
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       #4

    Updated post #2 for ROG boards, there is now an extra thread for Z390 ME & PMC firmware.
      My ComputersSystem Spec

  6. Cliff S's Avatar
    Posts : 24,976
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       #5

    Something interesting about ME firmware flashing I learned about from a post by MoKiChU at ROG forums:

    The Intel ME firmware consists of 2 parts, one CODE (global) and the other DATA (manufacturer specific). The Intel tool used to flash the Intel ME firmware (FWUpdLcl64.exe) only flashes the CODE part, the DATA portion is not affected and remains as ASUS has configured on the latest flashed BIOS.
      My ComputersSystem Spec


 

Related Threads
Source: INTEL-SA-00218
Source: INTEL-SA-00203
Source: INTEL-SA-simple-template
Source: INTEL-SA-00118
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 17:17.
Find Us