Intel Management Engine vulnerability INTEL-SA-00086 and how to detect vulnerable systems in Configuration Manager

On 11/20/17 Intel published a new vulnerability affecting the Intel® Management Engine (ME): INTEL-SA-00086, which can lead to Elevation of Privilege (EoP), Remote Code Execution (RCE) or Denial of Service (DoS).
Intel also published a detection tool to run on clients. The detection tool creates registry values that record the vulnerability state of a client.
To check the status of the clients in an enterprise:

  • Download the tool
  • Create a package and run program “Intel-SA-00086-console.exe -c” on all clients
  • Create a Configuration Item
  • Deploy the CI in a Configuration Baseline
  • Get the collection of all vulnerable clients
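
One way to build the Configuration Item from the steps above, as an added example that is not from the original post: a PowerShell discovery script (script setting, data type String) that reads the value the detection tool left in the registry. The registry subkey and value name are placeholders to replace with what the tool writes on your clients; the function name and the `NotScanned` marker are hypothetical.

```powershell
# Added example: discovery script for a Configuration Item script setting.
# PLACEHOLDERS (not from the page): replace with the subkey under HKLM and the
# value name that the detection tool actually creates on your clients.
$SubKey    = 'SOFTWARE\<PLACEHOLDER-key-written-by-detection-tool>'
$ValueName = '<PLACEHOLDER-value-name>'

function Get-DetectionResult {
    param([string]$SubKey, [string]$ValueName)

    # The ConfigMgr client may start the script in a 32-bit host, so check
    # both registry views instead of relying on WOW64 redirection.
    # RegistryView needs .NET 4 or later (PowerShell 3.0+).
    foreach ($view in [Microsoft.Win32.RegistryView]::Registry64,
                      [Microsoft.Win32.RegistryView]::Registry32) {
        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
                    [Microsoft.Win32.RegistryHive]::LocalMachine, $view)
        try {
            $key = $base.OpenSubKey($SubKey)   # read-only; $null if missing
            if ($null -ne $key) {
                try {
                    $value = $key.GetValue($ValueName)
                    if ($null -ne $value) { return [string]$value }
                } finally { $key.Dispose() }
            }
        } finally { $base.Dispose() }
    }

    # Key or value absent in both views: the tool has not run on this client
    # or wrote nothing. Report that separately from a clean result.
    return 'NotScanned'
}

# A CI script setting evaluates whatever the script writes to its output.
Get-DetectionResult -SubKey $SubKey -ValueName $ValueName
```

The compliance rule then compares the returned string with the value the tool writes for a non-vulnerable system. Clients that return `NotScanned` evaluate as non-compliant, so machines where the package never ran are not mistaken for safe ones.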
