Intel discovery tool

Download the Intel discovery tool: https://downloadcenter.intel.com/download/26755

If the Intel-SA-00075-console.exe is executed with ‘-c’ it creates registry entries for the scan result, e.g.

[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Setup and Configuration Software]

[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Setup and Configuration Software\INTEL-SA-00075 Discovery Tool]
"Scan Date"="5/8/2017 10:56:50 AM"
"Computer Name"="hostname01"
"Application Version"="1.0.1.6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Setup and Configuration Software\INTEL-SA-00075 Discovery Tool\Hardware Inventory]
"Computer Manufacturer"="Hewlett-Packard"
"Computer Model"="HP EliteBook 840 G2"
"Processor"="Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Setup and Configuration Software\INTEL-SA-00075 Discovery Tool\ME Firmware Information]
"ME Version"="10.0.30.1072"
"ME Version Major"=dword:0000000a
"ME Version Minor"=dword:00000000
"ME Version Build"=dword:00000430
"ME Version Hotfix"=dword:0000001e
"ME SKU"="Intel(R) Full AMT Manageability"
"ME Provisioning State"="Not Provisioned"
"ME Driver Installed"="True"
"LMS State"="NotPresent"
"Micro LMS State"="NotPresent"
"EHBCP Enabled"="False"

Extend hardware inventory

I used RegKeytoMOF 3.3 (credits to Mark Cochrane – with help from Skissinger, SteveRac, Jonas Hettich, Kent Agerlund & Barker) to create the mof-files to extend the configuration.mof and to be imported in “Default Client Settings -> Hardware Inventory”

Execution

Create an Application and deploy it to all physical clients. Next hardware inventory cycle will report the scan results back, so it can be used for reports or collections.

Criteria for existing vulnerability

ME SKU: Intel® Full AMT Manageability’ or ‘Intel® Standard Manageabilit’ or ‘Intel® Small Business Advantage(SBA)’

ME Version:  6.x.x.x – 11.6.x.x with a build value less than 3000