SadProcessor · May 2, 2017 23:34 · MrZresH · Jan 14, 2019
diff --git a/Test-IntelMEStuff.ps1 b/Test-IntelMEStuff.ps1
 <#
 .Synopsis
   Check For Intel Stuff (via WMI)
 .DESCRIPTION
   Check if vulnerable to Intel Active Management Technology, 
   Intel Small Business Technology, and Intel Standard Manageability 
   Escalation of Privilege. [INTEL-SA-00075 - May 1st 2017]
   Uses WMI. Can be run against multiple computers.
   Returns a risk indication, check links in notes for more info and remediation options
 .EXAMPLE
   IntelMEStuff
   Checks LocalHost
 .EXAMPLE
   $ComputerList | IntelMEStuff | export-csv Result.csv
   Checks ComputerList with specified creds and outputs to csv
 ,NOTES
   https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
   https://downloadmirror.intel.com/26755/eng/INTEL-SA-00075%20Detection%20Guide-Rev%201.0.pdf
 #>
 function Test-IntelMEStuff{
    [Alias('IntelMEStuff')]
    Param(
        # target Computer(s) - optional - defaults to localhost
        [Parameter(Mandatory=$false,Position=0,ValueFromPipeline=$true)][String[]]$ComputerName=$env:ComputerName,
        # Credential for remote queries - optional
        [Parameter(Mandatory=$false)][Switch]$Creds
        )    
    Begin{
    #Prep Vars
        $Output = @()
        if($Creds){$CredObj = Get-Credential}
        }
    Process{
        foreach($target in $computerName){
            #if Local
            if($ComputerName -match "$env:ComputerName|127.0.0.1"){
                $Proc = Get-WmiObject Win32_Processor | select Name
                $MEI = Get-WmiObject Win32_SystemDriver -Filter "name='MEIx64'" 
                }
            #If Remote
            Else{
                #if creds
                if($Creds){
                    $Proc = Get-WmiObject Win32_Processor -ComputerName $target -Credential $CredObj | select Name
                    $MEI = Get-WmiObject Win32_SystemDriver -Filter "name='MEIx64'" -ComputerName $target -Credential $CredObj
                    }
                # No Creds
                Else{
                    $Proc = Get-WmiObject Win32_Processor -ComputerName $target | select Name
                    $MEI = Get-WmiObject Win32_SystemDriver -Filter "name='MEIx64'" -ComputerName $target
                    }
                }
            #Calc risk based on firmware version
            Try{
                $Version = (Get-Item $MEI.PathName).versioninfo
                $V=$version.ProductVersion.Split('.')
                #More Info: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
                Switch($V[0]){
                    '6'{if($V[1] -le 2 -AND $V[2] -le 61 -AND $V[3] -lt 3535){$Risk=$true}}
                    '7'{if($V[1] -le 1 -AND $V[2] -le 91 -AND $V[3] -lt 3272){$Risk=$true}}
                    '8'{if($V[1] -le 1 -AND $V[2] -le 71 -AND $V[3] -lt 3608){$Risk=$true}}
                    '9'{
                        if($V[1] -le 1){if($V[2] -le 41 -AND $V[3] -lt 3535){$Risk=$true}}
                        Elseif($V[1] -eq 5){if($V[2] -le 61 -AND $V[3] -lt 3012){$Risk=$true}}
                        }
                    '10'{if($V[2] -le 55 -AND -$V[3] -lt 3000){$Risk=$true}}
                    '11'{
                        if($V[1] -eq 0 -AND $V[2] -le 25 -AND -$V[3] -lt 3001){$Risk=$true}
                        Elseif($V[1] -eq 5 -AND $V[2] -le 27 -AND -$V[3] -lt 3264){$Risk=$true}
                        Elseif($V[1] -eq 6 -AND $V[2] -le 27 -AND -$V[3] -lt 3264){$Risk=$true}
                        }
                    default{$Risk=$false}
                    }
                }catch{}
            #Create Object + Add to Output
            $Props = @{
                    'ComputerName'=$Target
                    'Manufacturer'=$Proc.Manufacturer
                    'Processor'=$Proc.Name
                    'Management' = $MEI.DisplayName
                    'State'=$MEI.state
                    'Started'=$MEI.Started
                    'Driver'=$Version.OriginalFilename
                    'Version'=$Version.ProductVersion
                    'Risk' = $Risk
                    }
            $Output+=New-Object PSCustomObject -Property $Props
            }
        }
    End{
        #Output result object
        $Output | select ComputerName,Processor,Management,State,Driver,Version,Risk
        }
 }
	<#
	.Synopsis
	Check For Intel Stuff (via WMI)
	.DESCRIPTION
	Check if vulnerable to Intel Active Management Technology,
	Intel Small Business Technology, and Intel Standard Manageability
	Escalation of Privilege. [INTEL-SA-00075 - May 1st 2017]
	Uses WMI. Can be run against multiple computers.
	Returns a risk indication, check links in notes for more info and remediation options
	.EXAMPLE
	IntelMEStuff
	Checks LocalHost
	.EXAMPLE
	$ComputerList \| IntelMEStuff \| export-csv Result.csv
	Checks ComputerList with specified creds and outputs to csv
	,NOTES
	https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
	https://downloadmirror.intel.com/26755/eng/INTEL-SA-00075%20Detection%20Guide-Rev%201.0.pdf
	#>
	function Test-IntelMEStuff{
	[Alias('IntelMEStuff')]
	Param(
	# target Computer(s) - optional - defaults to localhost
	[Parameter(Mandatory=$false,Position=0,ValueFromPipeline=$true)][String[]]$ComputerName=$env:ComputerName,
	# Credential for remote queries - optional
	[Parameter(Mandatory=$false)][Switch]$Creds
	)
	Begin{
	#Prep Vars
	$Output = @()
	if($Creds){$CredObj = Get-Credential}
	}
	Process{
	foreach($target in $computerName){
	#if Local
	if($ComputerName -match "$env:ComputerName\|127.0.0.1"){
	$Proc = Get-WmiObject Win32_Processor \| select Name
	$MEI = Get-WmiObject Win32_SystemDriver -Filter "name='MEIx64'"
	}
	#If Remote
	Else{
	#if creds
	if($Creds){
	$Proc = Get-WmiObject Win32_Processor -ComputerName $target -Credential $CredObj \| select Name
	$MEI = Get-WmiObject Win32_SystemDriver -Filter "name='MEIx64'" -ComputerName $target -Credential $CredObj
	}
	# No Creds
	Else{
	$Proc = Get-WmiObject Win32_Processor -ComputerName $target \| select Name
	$MEI = Get-WmiObject Win32_SystemDriver -Filter "name='MEIx64'" -ComputerName $target
	}
	}
	#Calc risk based on firmware version
	Try{
	$Version = (Get-Item $MEI.PathName).versioninfo
	$V=$version.ProductVersion.Split('.')
	#More Info: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
	Switch($V[0]){
	'6'{if($V[1] -le 2 -AND $V[2] -le 61 -AND $V[3] -lt 3535){$Risk=$true}}
	'7'{if($V[1] -le 1 -AND $V[2] -le 91 -AND $V[3] -lt 3272){$Risk=$true}}
	'8'{if($V[1] -le 1 -AND $V[2] -le 71 -AND $V[3] -lt 3608){$Risk=$true}}
	'9'{
	if($V[1] -le 1){if($V[2] -le 41 -AND $V[3] -lt 3535){$Risk=$true}}
	Elseif($V[1] -eq 5){if($V[2] -le 61 -AND $V[3] -lt 3012){$Risk=$true}}
	}
	'10'{if($V[2] -le 55 -AND -$V[3] -lt 3000){$Risk=$true}}
	'11'{
	if($V[1] -eq 0 -AND $V[2] -le 25 -AND -$V[3] -lt 3001){$Risk=$true}
	Elseif($V[1] -eq 5 -AND $V[2] -le 27 -AND -$V[3] -lt 3264){$Risk=$true}
	Elseif($V[1] -eq 6 -AND $V[2] -le 27 -AND -$V[3] -lt 3264){$Risk=$true}
	}
	default{$Risk=$false}
	}
	}catch{}
	#Create Object + Add to Output
	$Props = @{
	'ComputerName'=$Target
	'Manufacturer'=$Proc.Manufacturer
	'Processor'=$Proc.Name
	'Management' = $MEI.DisplayName
	'State'=$MEI.state
	'Started'=$MEI.Started
	'Driver'=$Version.OriginalFilename
	'Version'=$Version.ProductVersion
	'Risk' = $Risk
	}
	$Output+=New-Object PSCustomObject -Property $Props
	}
	}
	End{
	#Output result object
	$Output \| select ComputerName,Processor,Management,State,Driver,Version,Risk
	}
	}