English Community

Software and Operating SystemSecurity & Malware
All Forum Topics
Options

30 Posts

01-07-2015

PL

208 Signins

1180 Page Views

  • Posts: 30
  • Registered: ‎01-07-2015
  • Location: PL
  • Views: 1180
  • Message 1 of 46

Intel Manageability Engine Firmware 8.x/9.x/10.x/11.x- security vulnerabilities

2017-11-21, 13:50 PM

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

 

Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk.
Systems are affected if have:
Intel® Manageability Engine Firmware 8.x,/9.x/10.x/11.0.x.x/11.5.x.x/11.6.x.x/11.7.x.x/11.10.x.x/11.20.x.x Server Platform Service 4.0.x.x Intel Trusted Execution Engine 3.0.x.x

Again new AMT firmware upgrade must be released by all manufacturer to solve the problems.

Reply
Options

7829 Posts

09-04-2014

SK

32442 Signins

1197110 Page Views

  • Posts: 7829
  • Registered: ‎09-04-2014
  • Location: SK
  • Views: 1197110
  • Message 2 of 46

Re: Intel Manageability Engine Firmware 8.x/9.x/10.x/11.x- security vulnerabilities

2017-11-21, 18:47 PM

Please refer to the Lenovo PSIRT site for updates on this vulnerability; affected systems with update links are provided.

https://support.lenovo.com/sk/en/solutions/len-17297

 

Andy

 

English Community Administrator
Lenovo eServices

Please remember to come back and mark the post that you feel answered your question as the solution. 
Did you find a post helpfull? You can thank the member by awarding them a Thumbs Up
 

Please don't ask me questions by Personal Message; questions belong in the forums.
Using Browser Search to find your answers in Lenovo and Moto Community

Reply
Options

12 Posts

10-28-2016

US

20 Signins

157 Page Views

  • Posts: 12
  • Registered: ‎10-28-2016
  • Location: US
  • Views: 157
  • Message 3 of 46

Re: Intel Manageability Engine Firmware 8.x/9.x/10.x/11.x- security vulnerabilities

2017-11-21, 20:12 PM

Well just download the SA 0006_Windows from Intel as they have explained a whole lot of their CPU chips are subject to Security Vulnerability.

It turn out that the system I am using is one of them. I suggest everyone download the SA 0006_Windows and check your system.

It is now up to Lenovo to get us a fix in the BIOS, and I would hope they do it rather sooner than later.

 

Version:1.0 StartHTML:000000174 EndHTML:000000971 StartFragment:000000335 EndFragment:000000939 StartSelection:000000335 EndSelection:000000939 SourceURL:about:blank
Explanation:
The detected version of the Intel(R) Management Engine firmware is considered vulnerable for INTEL-SA-00086. Contact your system manufacturer for support and remediation of this system.
For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

 

Admin Edit: merged in and edited subject.

Reply
Options

4 Posts

10-20-2017

SI

6 Signins

101 Page Views

  • Posts: 4
  • Registered: ‎10-20-2017
  • Location: SI
  • Views: 101
  • Message 4 of 46

Re: Intel Manageability Engine Firmware 8.x/9.x/10.x/11.x- security vulnerabilities

2017-11-22, 23:21 PM
Risk Assessment
Based on the analysis performed by this tool: This system is vulnerable.

Explanation:
The detected version of the Intel(R) Management Engine firmware is considered vulnerable for INTEL-SA-00086. Contact your system manufacturer for support and remediation of this system.
For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

INTEL-SA-00086 Detection Tool
Application Version: 1.0.0.128
Scan date: 22. 11. 2017 23:45:19

Host Computer Information
Name: I700
Manufacturer: LENOVO
Model: 80RU
Processor Name: Intel(R) Core(TM) i5-6300HQ CPU @ 2.30GHz
OS Version: Microsoft Windows 10 Pro

Intel(R) ME Information
Engine: Intel(R) Management Engine
Version: 11.0.0.1202 
SVN: 1

Copyright(C) 2017, Intel Corporation, All rights reserved.

IdeaPad 700 is also vulnerable but I don't see it on this list https://support.lenovo.com/si/en/product_security/len-17297#IdeaPad. Did you miss it?

 

Admin Edit: merged in and edited subject.

Reply
Options

6362 Posts

08-17-2015

SK

26366 Signins

549144 Page Views

  • Posts: 6362
  • Registered: ‎08-17-2015
  • Location: SK
  • Views: 549144
  • Message 5 of 46

Re: Intel Manageability Engine Firmware 8.x/9.x/10.x/11.x- security vulnerabilities

2017-11-23, 13:03 PM

Hello dragun50,

 

which System/Model are you referring to? I would advise to check the following LEN-17297 Security Advisory which holds the most up-to-date information regarding impacted systems.

 

Best regards,

 

Admin Edit: merged in and edited subject.

Juraj
German, Czech & Slovak Community Lead


Wurde dein Problem bei uns bereits besprochen? Schau mal nach: Forum Suchoption
Bitte füge den Typ, Modell (nicht die S/N) und das benutzte OS zu deiner Nachricht hinzu. Es beschleunigt die Lösung deines Problems.



  Communities:   English    Deutsch    Español    Português    Русскоязычное    Česká    Slovenská    Українська   Polski    Türkçe    Moto English

Reply
Options

12 Posts

10-28-2016

US

20 Signins

157 Page Views

  • Posts: 12
  • Registered: ‎10-28-2016
  • Location: US
  • Views: 157
  • Message 6 of 46

Re: Intel Manageability Engine Firmware 8.x/9.x/10.x/11.x- security vulnerabilities

2017-11-23, 13:39 PM

Which is all well and good, but as mine is one listed as affected, I am probably more concerened than you are.

there is nothing there to even suggest that Lenovo is activley looking into fixing the ones still affected.

Just what do I do to see if or when they do something about it? To date I have never had any sort of notifcation from Lenovo about any of this. 

I guess once the warranty is off an one no longer owes them money, we become a lost voice from what I see.

 

Thank you for showing me they know about it, but until you can show me where they do someting about it, no use in looking, is there.

 

Admin Edit: merged in and edited subject.

Reply
Options

3 Posts

11-23-2017

LT

22 Signins

197 Page Views

  • Posts: 3
  • Registered: ‎11-23-2017
  • Location: LT
  • Views: 197
  • Message 7 of 46

Re: Intel Manageability Engine Firmware 8.x/9.x/10.x/11.x- security vulnerabilities

2017-11-23, 18:04 PM

   

when a fix will be up?

 tools https://downloadcenter.intel.com/download/27150

 

Mod's Edit: This post was merged with an existing discussion on the issue.

 

Reply
Options

6362 Posts

08-17-2015

SK

26366 Signins

549144 Page Views

  • Posts: 6362
  • Registered: ‎08-17-2015
  • Location: SK
  • Views: 549144
  • Message 8 of 46

Re: Intel Manageability Engine Firmware 8.x/9.x/10.x/11.x- security vulnerabilities

2017-11-23, 21:52 PM

Hello dragun50,

if your system is listed under the affected ones and there is no estimate on when the update for your machine is going to be live, then you just have to wait it out until the document gets updated. As you can see on the bottom of the document, it was released just days ago, on the 20th of November. I can't tell you when the document is going to be updated next, but the only notification you could get regarding this would be via Lenovo Companion which will prompt you to install the new IME FW when it gets released. The place to download the actual installer of the fix would then be the download section on the support page for your product.

Best regards,

 

Admin Edit: merged in and edited subject.

Juraj
German, Czech & Slovak Community Lead


Wurde dein Problem bei uns bereits besprochen? Schau mal nach: Forum Suchoption
Bitte füge den Typ, Modell (nicht die S/N) und das benutzte OS zu deiner Nachricht hinzu. Es beschleunigt die Lösung deines Problems.



  Communities:   English    Deutsch    Español    Português    Русскоязычное    Česká    Slovenská    Українська   Polski    Türkçe    Moto English

Reply
Options

1 Posts

11-24-2017

FR

1 Signins

36 Page Views

  • Posts: 1
  • Registered: ‎11-24-2017
  • Location: FR
  • Views: 36
  • Message 9 of 46

Re: Intel Manageability Engine Firmware 8.x/9.x/10.x/11.x- security vulnerabilities

2017-11-24, 15:40 PM

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

Where can I find updated management engine firmware for the Ideapad 500-15isk? (ME firmware version 11.0.0.1160 LP)

Alternatively, can I safely disable the ME altogether via http://blog.ptsecurity.com/2017/08/disabling-intel-me.html ?

 

Admin note; post merged in, subject edited.

Reply
Options

7 Posts

09-30-2017

ES

6 Signins

70 Page Views

  • Posts: 7
  • Registered: ‎09-30-2017
  • Location: ES
  • Views: 70
  • Message 10 of 46

Re: Intel Manageability Engine Firmware 8.x/9.x/10.x/11.x- security vulnerabilities

2017-11-25, 1:54 AM

Hi,

 

Same for ideapad 110-15ISK (80UD).

 

Not listed & its vulnerable.

 

Admin Edit: merged in and edited subject.

Reply
Forum Home

Community Guidelines

Please review our Guidelines before posting.

Learn More

Check out current deals!

Go Shop
X

Save

X

Delete