Good day,
I am writing from Keysight Technologies, and our team is currently working on a custom-developed motherboard that went through the Intel AMT vulnerability problem. According to the Intel® Product Security Center, upgrading the ME version to any version newer than 11.6 should patch the vulnerability; however, despite upgrading to ME version 11.7.0.1229, the Intel SA detection tool still returns a "Vulnerable" status. Is there any chance that the detection tool application (version 1.0.2.116) returns an erroneous status, or is ME version 11.7.0.1229 really still vulnerable?
Snapshot of the results attached below:
Risk Assessment
Based on the analysis performed by this tool, this system is vulnerable
Explanation:
The detected version of the Management Engine firmware is considered vulnerable for INTEL-SA-00075.
If Vulnerable, contact your OEM for support and remediation of this system.
For more information, refer to CVE-2017-5689 in the following link: CVE-2017-5689
or the Intel security advisory Intel-SA-00075 in the following link: INTEL-SA-00075
INTEL-SA-00075 Detection Tool
Application Version: 1.0.2.116
Scan date: 2017-07-24 14:18:52
Host Computer Information
Name: KEYSIGH-SKS1OJL
Manufacturer: Default string
Model: Default string
Processor Name: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
Windows Version: Microsoft Windows 10 Enterprise 2016 LTSB
ME Information
Version: 11.7.0.1229
SKU: Intel(R) Full AMT Manageability
Provisioning Mode: Not Provisioned
Control Mode: None
Is CCM Disabled: False
Driver installation found: True
EHBC Enabled: False
LMS service state: Stopped
microLMS service state: NotPresent
Looking forward to your reply.
Thanks and regards,
Z.Tan