INTEL Security Flaw

D

damascus

Active member
This post is for the information of all users of this forum.
Intel has identified security vulnerabilities that could potentially impact certain PCs, servers, and IoT platforms.
I have posted here as I cannot see any other suitable place. I have done a general search in these forums but nothing is mentioned about this issue. Perhaps a moderator could move this post to a more suitable location if required.
I have downloaded the Intel Detection Tool and a scan has indicated that my PC is vulnerable. The Intel article is below

https://www.intel.co.uk/content/www/uk/en/support/articles/000025619/software.html

Intel has notified most of the major PC builders, but PCS is not listed. The latest news indicates that most builders have not yet released a fix.
Will PCS be looking at this issue and providing a fix - soon rather than later - it is classified as 'critical'?
I have also sent a general inquiry to PCS.

Damascus
 
ubuysa

ubuysa

The BSOD Doctor
Thanks for this. The Intel tool shows my system as vulnerable and I have escalated this through the mods channel.
 
ubuysa

ubuysa

The BSOD Doctor
Thanks to Oussebon I've downloaded the MEI update for my Asus motherboard (Z170-E) from the Asus website. When I run the tool it fails with the 'Can't open AsIO.sys !!(2)' error. After a careful check it's clear that AsIo.sys does not exist on my PC. All devices appear to be working properly and all drivers are installed, any ideas on why I'm missing AsIo.sys and why the MEI update tool won't run without it?

Later Edit: SOLVED!

Hopefully this will help others with Asus boards.....

After some web searching I finally came across a solution to this issue and a way to get the firmware update installed. Apparently the AsIO.sys check is done by the GUI that is invoked when the MEUpdateTool.exe file is executed. It is possible however to install the firmware update via the command line. Here's how to get it installed....

1. Boot into Safe Mode (I wasn't able to get this to run otherwise).

2. Start PowerShell or command prompt (I used PowerShell).

3. Navigate to the folder to where the MEUpdate tool was extracted (on my PC it's D:\Users\Downloads\MEUpdateTool_UI_20171103_TP).

4. Navigate to the FW folder underneath (on my PC it's D:\Users\Downloads\MEUpdateTool_UI_20171103_TP\FW). All the firmware update software is in there.

5. Enter the command path_to_fw_folder\FWUpdLcl64.exe -F ME.bin (on my PC it's D:\Users\Downloads\MEUpdateTool_UI_20171103_TP\FW\FWUpdLcl64.exe -F ME.bin) and press Enter. The update process will start, DO NOT INTERRUPT IT! If you have a 32-bit system use the program FWUpdLcl.exe instead, but keep the rest the same.

This worked perfectly on my system and I'm now patched according to the Intel tool.
 
Last edited:
C

ClarkF1

Bronze Level Poster
Went to Gigabyte website and download BIOS onto Flash Drive
Used Q-Flash to quickly flash the bios

Done in minutes. Straightfoward and simple

The vulnerability detection tool does now say:

Installed Intel(R) Capability Licensing Service Client is obsolete. Minimum required version is 1.47.715.0. Please update the Intel(R) Capability Licensing Service Client software (available from your system manufacturer).
 
Last edited:
D

damascus

Active member
Hi to all
I have been unable to do this update.
I have had contact with PCS support and over Xmas I was able to get an unused flash stick and followed the instructions given by PCS. However when I went to select 'via storage device' the next page had no trace of the .CAP file.
I have since bought a new flash stick and followed the instructions - this time though I was given a new link to more recently released Bios file - 3405.CAP and not 3404.CAP.
As suggested, I tried the flash in both USB2 and USB3 connections. The .CAP file did show on the expected page - however on clicking 'next' nothing seemed to happen. It informed me that no changes had been made.
I am waiting for further instructions from PCS.

Damascus
 
C

ClarkF1

Bronze Level Poster
Rather than wait for PCS to get back to you, have you gone to the motherboard manufacturers website and downloaded the BIOS from there.
There should be instructions in the manual about how to do it.
 
D

damascus

Active member
Hi Clark
I have had a reply today - from the info I gave after following their instructions, they say that the Bios has been flashed - but they forgot to tell me to update the ME Update tool. I had to dll PeaZip to extract the .RAR file. I ran it and it told me that my system's ME Firmware is too outdated???????

I did go to Asus and quite honestly I found the experience of no use whatsoever - perhaps I was looking in the wrong place? I may still have to go back though.
I tried a 'forums' search and found little help whatsoever - waiting for pages to open was like watching grass grow.

Thanks for your suggestion.
 
D

damascus

Active member
Thanks to all who helped - the matter has now been resolved - I used a different Zip to extract the update and when I ran the Intel Detection Tool it told me I was no longer vulnerable.
 
C

ClarkF1

Bronze Level Poster
ubuysa said:
If the patch is available by the time your PC/laptop is built then yes.

This 'flaw' really isn't a big deal for home users.......
Click to expand...

This thread is regarding the Intel Management Engine flaw which requires a BIOS update. Do PCS ship with the latest BIOS?
 
You must log in or register to reply here.
Top