Processors
Intel® Processors, Tools, and Utilities
14396 Discussions

Where do I find Intel® ME 11.8.50.3425 to address INTEL-SA-00086?

CCoun
Beginner
6,204 Views

I have a home-built Core i7-6700 rig and I am looking for a Windows 10 64 bit Management Engine update to close the vulnerabilities listed in INTEL-SA-00086 but I can only find one at Lenovo's site for Thinkpads.

(https://pcsupport.lenovo.com/ca/en/downloads/ds112240 Intel Management Engine 11.8 Firmware for Windows 10 (64-bit), 8.1 (64-bit), 7 (32-bit, 64-bit) - ThinkPad)

Where do I find an update that isn't associated with a vendor?

Processor Name: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz

Intel(R) ME Information

Engine: Intel(R) Management Engine

Version: 11.6.0.1126

SVN: 1

7 Replies
idata
Employee
2,985 Views

PaulCounts: Thank you very much for contacting the Intel® Processors communities. We will do our best to try to provide the information you are looking for.

 

 

In regard to your inquiry, in order to get the proper Management Engine update for your system, the best thing to do will be to get in contact with Lenovo directly, they should be able to further assist you with this subject:

 

https://www.intel.com/content/www/us/en/support/articles/000025619/software.html https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

 

https://support.lenovo.com/uu/en/product_security/len-17297 https://support.lenovo.com/uu/en/product_security/len-17297

 

 

Any further questions, please let me know.

 

 

Regards,

 

Alberto R
0 Kudos
CSwor
Beginner
2,985 Views

Alberto, I would have thought that to work for Intel you would at least need to know how to read.

The original poster said that he has a own built PC however the only links he could find to resolve this issue we pointing to OEMs. There is no link for us people who built our own computers. I am infuriated with Intels response to this security issue. I too have a processor that is vulnerable, the detection tool gives a link that takes you back to the page where you download the tool from leaving you in an infinite loop of useless information.

What on earth would be the point in the original poster getting in touch with Lenovo, to ask them for advice on a product that is not theirs.

Please can you read peoples posts before you reply, and hopefully you can answer this question we have with relevant information that will allow us to resolve a major security issue. We, your customers who spend a considerable amount of money buying your products, have to wait so long for answers that we would like the right information given the first time around.

0 Kudos
n_scott_pearson
Super User
2,985 Views

Christian,

Per the advisory: "If the INTEL-SA-00086 Detection Tool reported your system being vulnerable, please check with your system (or board) manufacturer for updated firmware."

The update in blue is mine; it points out that, for those folks who built their own system, they need to get the update from their board's manufacturer.

...S

COlof
Beginner
2,985 Views

Hi Paul;

I do not understand why, but, the firmware updates are delivered via a system's BIOS. This being the case and, since you built the system, you are dependent on your mainboard manufacturer. See https://www.asrock.com/microsite/2017IntelFirmware/ Asrock's site, for example. Tom's Hardware has http://www.tomshardware.com/news/psa-remember-update-intel-management-engine,36002.html a good write-up here - note the last paragraph.

In other words, your vendor is your mainboard manufacturer.

hth,

-C

n_scott_pearson
Super User
2,985 Views

It is quite simple. The board manufacturers have control over the content and format of their firmware hub(s). They consider this to be a point of differentiation and thus want to control it. As a result, Intel cannot deliver a generic package that installs the update; the board manufacturer must do so (only they know where to store it in their firmware hub(s)).

Bottom line, you must get the update from your board manufacturer. If your board manufacturer is slow delivering the update or refusing to deliver one at all, let them - and the world - know that this is unacceptable.

...S

CSwor
Beginner
2,985 Views

N.Scott I want to thank you for this clarification. It truly is shocking that the motherboard manufacturers have to be the ones to push a bios update, it's also shocking the amount of time they are taking for this. Personally I use a Asus board where they have only announced an upcoming fix for their workstation (WS) boards, with no fix in sight. I would have thought that surely due to the fact this firmware is on the CPU itself, you would be installing the firmware there? My question to this is, this BIOS update motherboard manufactures are giving out won't fix the CPU will it? It will only change the software/firmware of the motherboard? You take your CPU out and put it into another motherboard, the issue will go with the CPU?

Secondly it would have been nice for Intel to clarify this by reading the original post properly, to give this correct information the first time around.

0 Kudos
n_scott_pearson
Super User
2,985 Views

Oh, no, you misunderstand. The Intel Management Engine (ME) is just one of the set of special microcontrollers that reside within the chipset (PCH component), not the processor. Despite how much it does for the security and proper operation of the processor, it is still a board-level entity.

...S

P.S. Intel will eventually move the ME inside the processor. I could see the ME's firmware then being delivered separately and perhaps (also) be stored within the processor. For now though, while the ME is still in the chipset, it's firmware will continue to reside (somewhere) within the board's Firmware Hub.

0 Kudos
Reply