Flaws found in Intel Management Engine (ME), TXE and SPS

f14tomcat said:

Is that what I'm waiting for? Dell to issue a BIOS update for this box? Currently on BIOS 1.0.10.0. Checked Dell site and nothing new. Is it the BIOS only, or something else also. Yes, I ran the tool.

If your BIOS is not updated with the needed security certificate. But there is a difference between the ME(in BIOS) and MEI(the interface in Windows so it can communicate the the ME in BIOS.
Intel Management Engine (ME) - Intel vPro: Three Generations Of Remote Management

The Intel Management Engine (Intel ME) refers to the hardware features that operate at the baseboard level, below the operating system. By enabling interaction with low-level hardware, Intel gives administrators the ability to perform tasks that previously required someone to be physically present at the desktop.The initial setup of Intel's Management Engine starts by activating it in a compatible PC’s BIOS. Once you enable Intel's ME, you gain access to several BIOS functions.

Cliff S said:

If your BIOS is not updated with the needed security certificate. But there is a difference between the ME(in BIOS) and MEI(the interface in Windows so it can communicate the the ME in BIOS.
Intel Management Engine (ME) - Intel vPro: Three Generations Of Remote Management

Thanks, Cliff. What am I waiting for? Admittedly, I am confused.

f14tomcat said:

Thanks, Cliff. What am I waiting for? Admittedly, I am confused.

You are waitng for a new BIOS: Support für Alienware Aurora R6 | Treiber und Downloads | Dell Deutschland


But for your R6 there isn't one yet.

Gigabyte has implemented safety measures aligned with Intel’s response to the Intel Management Engine (ME) and Intel Trusted Execution Engine (TXE) security vulnerabilities
customers can be reassured their motherboards are fully protected. For all customers who have purchased GIGABYTE motherboards for Intel platforms, please visit the official website to download the latest BIOS versions as well as ME and TXE drivers.
The updates for the motherboards will be released starting with the Z370, 200 series and then previous generation motherboards.

Gigabyte Implements Safety Measures Against Intel ME And TXE Security Vulnerabilities

Partners React:
Dell has since issued a statement advising that over 100 of their systems are affected, including powerful lines like Inspiron, Latitude, Aliwanre, OptiPlex, and more.

Lenovo has also warned its users.

Dell is expecting new firmware soon, while Lenovo is said to have something new by tomorrow, November 23.

Read more: https://www.tweaktown.com/news/59905...cks/index.html

Cliff S said:

You are waitng for a new BIOS: Support für Alienware Aurora R6 | Treiber und Downloads | Dell Deutschland


But for your R6 there isn't one yet.

Thanks. I wasn't sure if it was just that, or a combo of things. Yeah, I checked Dell Support, and no update yet. I get email alerts from them when updates come out, so I'll just wait. Thanks, again.

My Z170A PC MATE doesn't have an update yet

MSI adds latest Intel TXE 3.0 security update to BIOS for 100, 200 and 300 Series motherboards

Currently all MSI 100,200 and 300 series motherboards are supporting the newest Intel TXE 3.0 by updating to the latest BIOS and installing the latest software updates. MSI always places strong emphasis on security and anti-hack issues to makes sure all MSI motherboard users are operating under the most secure circumstances. MSI will continue to provide additional updates if necessary to ensure maximum platform security protection for users.

Upgrade to the latest BIOS for the best protection. Models supported:
MSI 300-series GAMING and PRO Series motherboards
MSI 200-series GAMING and PRO Series motherboards
MSI 100-series GAMING and PRO Series motherboards

MSI adds latest Intel TXE 3.0 security update to BIOS for 100, 200 and 300 Series motherboards | MSI Global

lx07 said:

Unfortunately, you aren't.

They (whoever) can still do what they want. That is the whole point - it runs before (and whether or not) another OS is loaded later.

You could use a pre-2011 Intel processor (where you can turn off IME or perhaps prior versions where it doesn't exist at all) or you could just imagine Intel have your best interests at heart.

I hope for the best personally (I don't do anything interesting) but you are wrong if you think patching IME to only allow Intel access has removed your risk.

It has not.

Oh blah, see my second scan. And I trust Intel! :) Just patched this morning thanks to Cliff S for pointing out the right stuff.



But let's not fight over spilt milk.