Intel M.E Firmware Status

  • Thread starter The_Wizard_of_Grange_Moor
  • Start date
T

The_Wizard_of_Grange_Moor

Guest
Hello All,

With the recent vulnerability being acknowledged on certain Intel Platforms, we decided to create this post to provide up to date information in regards to the roll out of firmware updates.

Detecting the Vulnerability
Using this tool: https://downloadcenter.intel.com/download/27150?v=t you will be able to determine whether you need to update your Firmware & Driver in order to be secured against the vulnerability. Should you be vulnerable you will need to update your system in a certain way depending on your motherboard, which I will detail below.

Firmware Upgrade (Manufacturer Dependent):
Gigabyte
Gigabyte have performed the ME Update through their BIOS, so you will need to update your BIOS to the latest version in order to flash the ME Firmware. Most of Gigabyte's BIOS' have been done, so check their website and the Description should read “Update Intel ME for security vulnerabilities”. If there is not a BIOS available on their website, I would suggest contacting us directly so we can query the ETA for you.

ASUS
ASUS have performed the ME Upgrade through an 'ME Update Tool' available to download from their website depending on the Motherboard. It is called “MEUpdateTool” and is available to download from the 'Other' section of the Support page, usually in the BIOS update menu. The description reads “Intel has identified security issue that could potentially place impacted platform at risk”. Please note this tool can be temperamental, so if you run into any issues, please contact us.

Clevo - Genesis, UltraNote, Lafite III, Cosmos, Optimus, Defiance, Octane, Vortex
A fix is available and we are currently working on making it more user-friendly before deployment. Please contact us if you would like to resolve this immediately. We only have access to updates for current generation chassis at the moment, however the tool provided seems to be functional on older chassis as well, when using Intel U, H, and S series processors. This requires further testing, so as noted, contact us directly for the Clevo update.

Topstar - Lafite, Lafite II
We are currently awaiting a resolution from Intel and Topstar.

Quanta - Proteus
We have been provided a provisional ETA of the end of this month for a Firmware patch.

EA - Enigma
We are currently working with EA and Intel to deploy a patch.

Shuttle - Bumblebee
We are working closely with Shuttle and Intel to deploy a vulnerability fix.

Intel NUC
We are working with Intel directly on a firmware patch.

To add a further note, there do not appear to be any fixes for X299 based systems as of yet. Due to the age of the platform, fixes should roll out fairly quickly.

Driver Update Tool (Universal)
https://1drv.ms/u/s!AtT6GPf7c4v0gUQZ2E_NeFv6OvY1

This tool should work on all platforms. Please download it and run it once the Firmware patch has been applied.

If you have any queries regarding this process, please do not hesitate to contact our support team.

Also a thank you to Damascus for raising this issue originally on the forum
 
Last edited by a moderator:

Amethyst

Silver Level Poster
Confused. I ran the tool and says my systems vulnerable. but i can't find bios update when I go Via the helpful link spyder provided? I go to support other and seem not to have my motherboard?
ASUS® PRIME Z270-P: ATX, LG1151, USB 3.0, SATA 6GBs
Help
 

Amethyst

Silver Level Poster
Thank you. next dumb Question. downloaded this. unzipped it. but the system is not running it. how do I get it to run? do I have to run it from the command prompt?
 

SpyderTracks

We love you Ukraine
Thank you. next dumb Question. downloaded this. unzipped it. but the system is not running it. how do I get it to run? do I have to run it from the command prompt?

You need the BIOS upgrade program. I would thoroughly look through any notes Asus have on updating the BIOS, if you get it wrong, you'll brick the PC. Make sure you do everything as you're directed to and don't deviate.
 

Amethyst

Silver Level Poster
I think i down load the wrong update. worried now
Thanks to Oussebon I've downloaded the MEI update for my Asus motherboard (Z170-E) from the Asus website. When I run the tool it fails with the 'Can't open AsIO.sys !!(2)' error. After a careful check it's clear that AsIo.sys does not exist on my PC. All devices appear to be working properly and all drivers are installed, any ideas on why I'm missing AsIo.sys and why the MEI update tool won't run without it?

Later Edit: SOLVED!

Hopefully this will help others with Asus boards.....

After some web searching I finally came across a solution to this issue and a way to get the firmware update installed. Apparently the AsIO.sys check is done by the GUI that is invoked when the MEUpdateTool.exe file is executed. It is possible however to install the firmware update via the command line. Here's how to get it installed....

1. Boot into Safe Mode (I wasn't able to get this to run otherwise).

2. Start PowerShell or command prompt (I used PowerShell).

3. Navigate to the folder to where the MEUpdate tool was extracted (on my PC it's D:\Users\Downloads\MEUpdateTool_UI_20171103_TP).

4. Navigate to the FW folder underneath (on my PC it's D:\Users\Downloads\MEUpdateTool_UI_20171103_TP\FW). All the firmware update software is in there.

5. Enter the command path_to_fw_folder\FWUpdLcl64.exe -F ME.bin (on my PC it's D:\Users\Downloads\MEUpdateTool_UI_20171103_TP\FW\FWUpdLcl64.exe -F ME.bin) and press Enter. The update process will start, DO NOT INTERRUPT IT! If you have a 32-bit system use the program FWUpdLcl.exe instead, but keep the rest the same.

This worked perfectly on my system and I'm now patched according to the Intel tool.

i had the same issue do i jut alter file paths for steps 3-5?
But do I boot into safe mode?
 
Last edited:

damascus

Active member
I think i down load the wrong update. worried now


i had the same issue do i jut alter file paths for steps 3-5?
But do I boot into safe mode?

My understanding is that the Bios needs to be updated first - then you do the ME Firmware update. Then after that run the Intel Detection Tool again to see if your system is no longer vulnerable.
You can get the correct ones from PCS Support. Re the Bios for Asus MBs, the update numbers change - I have had three since 14 December.
If your MB is PRIME Z270-P then the latest I can see is 1002 -

https://www.asus.com/News/V5urzYAT6myCC1o2

You will need a flash drive to do the Bios update

Damascus
 

Amethyst

Silver Level Poster
Hi,

thanks for replying. still, a bit baffled. so i need to ask PCS for a Bio update? by flash drive you just mean usb memory drive?
 

damascus

Active member
To Amethyst
Yes - a USB memory drive/dongle or whatever.[Does not work using a disc]
I would give you the instructions I received but best to send PCS Support an email - as your system is NOT the same as mine.
One thing though - I had a 'used before' flash but did not work so went out and got a new one just for this job.
You should get the right Bios update and ME Update as click here in their reply.
Both Intel and MB producers state that users should contact their respective computer builders as they are said to have the right updates.

Do let us know if it worked for you.
Damascus
 
Last edited:
Top