Intel Management Engine vulnerability - VULNERABLE

Just to let you know that the Intel-SA-00075 Discovery Tool says: the System is VULNERABLE
XPS 15 9550, ME version: 11.0.18.1002
A table indicates 5th gen Core needs ME 11.0.25.3001, 6th gen Core 11.6.27.3264, etc.
The most recent update at Dell support for the 9550 is 11.5.0.1020, for the 9560 11.6.0.1047.
I'm not sure if a remote exploit is possible. But a local exploit (gaining elevated access otherwise) is bad enough, because it is undetectable/unwipable by any antivirus, the wet dream of every hacker.

https://downloadcenter.intel.com/download/26755
http://www.tomshardware.com/news/intel-amt-vulnerability-me-dangerous,34300.html
https://www.theregister.co.uk/2017/05/01/intel_amt_me_vulnerability/
https://arstechnica.com/security/20...ecution-bug-that-lurked-in-cpus-for-10-years/

 

Your tax dollars at work!

 

How to check for the Intel Active Management exploit that lets hackers take over your PC
By Gordon Mah Ung
EXECUTIVE EDITOR, PCWORLD | MAY 9, 2017 3:25 AM PT
http://www.techconnect.com/article/...loit-that-lets-hackers-take-over-your-pc.html

" How to find out whether your PC is safe
While the vast majority of consumer PCs probably don't have the exploit, it wouldn't hurt to take five minutes to check your system.

First, download Intel's tool to check for the vulnerability. You can also click this link to download it from Intel directly. It's listed as supporting Windows 10 and Windows 7, but we had no issues running it on Windows 8.1.

Once you've downloaded it, decompress the zip file to a folder. Open the folder, then open its Windows subfolder. Inside you'll find several files. Launch Intel-SA-00075-GUI.exe."

INTEL-SA-00075 Detection Guide
Version: 1.0 (Latest) Date: 5/3/2017
https://downloadcenter.intel.com/download/26755
https://downloadcenter.intel.com/do...ntel.com/26755/eng/Intel-SA-00075_1.0.1.6.zip

 

Glad to see the 9560 on the latest BIOS is safe

 

Dell's BIOS Update release schedule:

http://www.dell.com/support/article...n-intel-amt-advisory--intel-sa-00075-?lang=EN

 

The link you have followed may be incorrect or the article may no longer be available. For the latest solutions, please enter search terms that describe your request in the search box on this page.

 

It's still working for me

Right click on the URL and "copy address" not Copy, as that won't get the whole URL - you'll get the "..." ellipses instead of the correct "whole" URL:

Dell Client Statement on Intel AMT Advisory (INTEL-SA-00075)
http://www.dell.com/support/article...n-intel-amt-advisory--intel-sa-00075-?lang=EN

 

Actually nobody is "safe", cause the Intel ME is still present in your BIOS, they just fixed the actual issue.
The Intel ME is a major security breach on every single computer, and people/medias are just discovering it now.

Just wait till we really start a massive deployment of BIOS level Rootkits, people will realise how much Intel ****ed everyone up.

Do not believe that those systems are meant to enhance user security and are useful for system administrators.
This is an illusion.
Do not wonder... government agencies are behind it.

Proprietary systems, etc. Will never be safe, as you will never really know what is inside it.
The future is open source!

 

Dell just issued a BIOS update to address this: http://www.dell.com/support/home/ie...driverID=3W30W&productCode=xps-15-9550-laptop

 

The XPS 15 9560 also has a firmware update (1.3.3, released yesterday and marked as "urgent") addressing this. I just installed it and the installation went without problems (caveat: 1.2.4 also worked fine for me, but it gave some people problems so if you're updating from before that, be aware of the Fn diagnostic BIOS trick).

 

9560 BIOS updated without issue this time.

 

Interesting that the update comes not so long after Dell saying it did not affect XPS 15. So much about how much one can expect from Dell folks at the "community" forum, hehe

http://en.community.dell.com/support-forums/laptop/f/3518/t/20011662

 

I suspect what Dell meant was that the Intel Active Management software which allows for the exploitation of this flaw is not installed by default on the XPS 15 (at least I can't find it on my 9560). It is of course a terrible idea to rely on the software configuration to mask a problem in the BIOS so everyone should update, but I suspect most XPS 15 machines are not in any immediate danger.