| # https://www.reddit.com/r/SCCM/comments/7hydc7/intel_me_vulnerability_what_are_your_strategies/dqwi3pk/ | |
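# Run the Intel-SA-00086 detection tool that ships next to this script and load
# the XML report it leaves in its own folder into $DetectionXML.
$DetectionTool = Join-Path -Path "$PSScriptRoot\DetectionTool" -ChildPath 'Intel-SA-00086-console.exe'
$DetectionDir = Split-Path -Path $DetectionTool
try {
    # Fail with a clear message instead of letting Start-Process report a vague error.
    if (-not (Test-Path -LiteralPath $DetectionTool -PathType Leaf)) {
        throw "Detection tool not found: $DetectionTool"
    }
    # NOTE(review): this executable is launched from the package folder with whatever
    # privileges the deployment runs under. Consider checking Get-AuthenticodeSignature
    # on it before launch - confirm the vendor binary is signed in your package.

    # Delete reports left by earlier runs so a stale result is never parsed as current.
    # -ErrorAction Stop turns cmdlet errors into terminating ones; without it the
    # surrounding try/catch never sees them.
    Get-ChildItem -Path $DetectionDir -Filter *xml -ErrorAction Stop |
        ForEach-Object { Remove-Item -LiteralPath $_.FullName -Force -ErrorAction Stop }

    # -PassThru is kept from the original, so the process object is still written to
    # the script's output stream.
    Start-Process -FilePath $DetectionTool -NoNewWindow -PassThru -Wait -WorkingDirectory $DetectionDir

    # Exactly one fresh report is expected; several files would be concatenated by
    # Get-Content and could not be parsed as a single XML document.
    $ReportFiles = @(Get-ChildItem -Path $DetectionDir -Filter *xml -ErrorAction Stop)
    if ($ReportFiles.Count -ne 1) {
        throw "Expected one detection report in $DetectionDir, found $($ReportFiles.Count)"
    }
    [xml]$DetectionXML = Get-Content -LiteralPath $ReportFiles[0].FullName -ErrorAction Stop
} catch {
    # The original used 'break' here. Outside a loop that ends the script silently (and
    # can break a caller's loop), so a failed detection looked the same as "nothing to do".
    throw "Intel-SA-00086 detection failed: $($_.Exception.Message)"
}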
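function Update-IntelAmt {
    <#
    .SYNOPSIS
    Runs the bundled FWUpdLcl64.exe against a firmware image and returns the tool's output.

    .PARAMETER ToolVersion
    Selects which bundled update-tool folder is used: '9', '10' or '11'.

    .PARAMETER UpdateFile
    Path to the firmware .BIN image handed to the tool with -F.

    .OUTPUTS
    The value of UpdateFile, followed by everything the tool wrote to standard output.

    .NOTES
    Throws when the tool or the image is missing, or when the tool cannot be started.
    #>
    param (
        [Parameter(Mandatory = $true, HelpMessage = 'Select update tool version')]
        [ValidateSet('9', '10', '11')]
        [string]$ToolVersion,
        [Parameter(Mandatory = $true, HelpMessage = 'Provide .BIN file')]
        [ValidateNotNullOrEmpty()]
        [string]$UpdateFile
    )

    # Tool folder names are the ones shipped in the package under UpdateTool\.
    $ToolFolderByVersion = @{
        '9'  = '9.1.42.3002'
        '10' = '10.0.56.3002'
        '11' = '11.8.50.3425'
    }
    $UpdateTool = Join-Path -Path "$PSScriptRoot\UpdateTool\$($ToolFolderByVersion[$ToolVersion])" -ChildPath 'FWUpdLcl64.exe'
    $ToolDirectory = Split-Path -Path $UpdateTool

    try {
        if (-not (Test-Path -LiteralPath $UpdateTool -PathType Leaf)) {
            throw "Update tool not found: $UpdateTool"
        }

        # The tool runs with $ToolDirectory as its working directory, so a relative image
        # path is checked against that folder. Requiring an existing file also rejects a
        # value containing a double quote, which would otherwise split the argument string.
        $ImagePath = $UpdateFile
        if (-not [System.IO.Path]::IsPathRooted($UpdateFile)) {
            $ImagePath = Join-Path -Path $ToolDirectory -ChildPath $UpdateFile
        }
        if (-not (Test-Path -LiteralPath $ImagePath -PathType Leaf)) {
            throw "Firmware image not found: $UpdateFile"
        }
        # NOTE(review): neither the tool nor the image is integrity-checked here. Consider
        # verifying the tool with Get-AuthenticodeSignature and the image with Get-FileHash
        # against values recorded when the package was built.

        Write-Output $UpdateFile

        $FWUpdt = New-Object System.Diagnostics.ProcessStartInfo
        $FWUpdt.FileName = $UpdateTool
        $FWUpdt.RedirectStandardOutput = $true
        $FWUpdt.UseShellExecute = $false
        $FWUpdt.Arguments = "-F `"$UpdateFile`" -Y -allowsv -VERBOSE"
        $FWUpdt.WorkingDirectory = $ToolDirectory

        $Process = New-Object System.Diagnostics.Process
        $Process.StartInfo = $FWUpdt
        $Process.Start() | Out-Null
        # Drain stdout before waiting; waiting first can deadlock once the pipe buffer fills.
        $ProcessOutput = $Process.StandardOutput.ReadToEnd()
        $Process.WaitForExit()

        # presumably a non-zero exit code means the flash did not complete - confirm against
        # the tool's documentation. A warning keeps the output stream unchanged.
        if ($Process.ExitCode -ne 0) {
            Write-Warning "FWUpdLcl64.exe exited with code $($Process.ExitCode)"
        }
        $ProcessOutput
    } catch {
        # The original used 'break', which outside a loop ends the whole script silently.
        throw "Update-IntelAmt failed: $($_.Exception.Message)"
    }
}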
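# Private helper for the two G3 model groups: runs MEInfoWin64.exe, stores its output in
# FWInfo.log next to the script, and picks the LP or H image from the 'FW Version' line.
function Resolve-MeFirmwareImage {
    param (
        [string]$PackageFolder,
        [string]$LpImage,
        [string]$HImage
    )
    $FWInfoLogPath = Join-Path -Path $PSScriptRoot -ChildPath 'FWInfo.log'
    $FWInfo = New-Object System.Diagnostics.ProcessStartInfo
    $FWInfo.FileName = (Join-Path -Path "$PSScriptRoot\UpdateTool\11.8.50.3425" -ChildPath 'MEInfoWin64.exe')
    $FWInfo.RedirectStandardOutput = $true
    $FWInfo.UseShellExecute = $false
    $Process = New-Object System.Diagnostics.Process
    $Process.StartInfo = $FWInfo
    $Process.Start() | Out-Null
    # Drain stdout before waiting; waiting first can deadlock once the pipe buffer fills.
    $ProcessOutput = $Process.StandardOutput.ReadToEnd()
    $Process.WaitForExit()
    $ProcessOutput | Out-File -FilePath $FWInfoLogPath

    $VersionLines = Get-Content -Path $FWInfoLogPath | Where-Object { $_ -like '*FW Version*' }
    # NOTE(review): -like is case-insensitive and '*H*' matches any 'h' on the line;
    # confirm the MEInfo output format makes these two tests unambiguous.
    if ($VersionLines -like '*LP*') {
        return (Join-Path -Path "$PSScriptRoot\Firmware\$PackageFolder" -ChildPath $LpImage)
    }
    elseif ($VersionLines -like '*H*') {
        return (Join-Path -Path "$PSScriptRoot\Firmware\$PackageFolder" -ChildPath $HImage)
    }
    # The original fell through with no image selected and failed later on parameter
    # binding; stop here with a message that names the cause.
    throw "Could not determine the ME firmware SKU (LP or H) from MEInfoWin64.exe output; see $FWInfoLogPath"
}

# Flash only when the detection report marks this machine as vulnerable. The firmware
# package and tool version are chosen from the Win32_ComputerSystem model string.
if ($DetectionXML.System.System_Status.System_Risk -eq 'This system is vulnerable.') {
    $ComputerObject = (Get-CimInstance -ClassName Win32_ComputerSystem).Model
    if (($ComputerObject -like '*EliteBook 820 G3*') -or ($ComputerObject -like '*EliteBook 840 G3*') -or ($ComputerObject -like '*ZBook Studio G3*')) {
        $FWFile = Resolve-MeFirmwareImage -PackageFolder 'sp82487' -LpImage 'ME_11.8_Corporate_C0_LP_PDM_Production.bin' -HImage 'ME_11.8_Corporate_D0_H_Production.bin'
        Update-IntelAmt -ToolVersion '11' -UpdateFile $FWFile
    }
    elseif (($ComputerObject -like '*EliteBook 820 G1*') -or ($ComputerObject -like '*EliteBook 840 G1*')) {
        Update-IntelAmt -ToolVersion '9' -UpdateFile (Join-Path -Path "$PSScriptRoot\Firmware\sp82540" -ChildPath 'ME9.5_5M_Production.bin')
    }
    elseif (($ComputerObject -like '*EliteBook 820 G2*') -or ($ComputerObject -like '*EliteBook 840 G2*')) {
        Update-IntelAmt -ToolVersion '10' -UpdateFile (Join-Path -Path "$PSScriptRoot\Firmware\sp82539" -ChildPath 'ME10.0_5M_Production.bin')
    }
    # NOTE(review): '*ZBook 15*' already covers '*ZBook 15 G2*' and also matches any later
    # 'ZBook 15 ...' model, which would then be offered the ME 9.1 image. Confirm that this
    # breadth is intended before adding newer hardware to the fleet.
    elseif (($ComputerObject -like '*ZBook 15 G2*') -or ($ComputerObject -like '*ZBook 15*') -or ($ComputerObject -like '*ProBook 640 G1*')) {
        Update-IntelAmt -ToolVersion '9' -UpdateFile (Join-Path -Path "$PSScriptRoot\Firmware\sp82541" -ChildPath 'ME9.1_5M_Production.bin')
    }
    elseif (($ComputerObject -like '*EliteDesk 800 G1*') -or ($ComputerObject -like '*EliteOne 800 G1*')) {
        Update-IntelAmt -ToolVersion '9' -UpdateFile (Join-Path -Path "$PSScriptRoot\Firmware\sp82529" -ChildPath 'ME9.1_5M_Production.bin')
    }
    elseif (($ComputerObject -like '*EliteDesk 800 G2*') -or ($ComputerObject -like '*EliteOne 800 G2*')) {
        Update-IntelAmt -ToolVersion '11' -UpdateFile (Join-Path -Path "$PSScriptRoot\Firmware\sp82476" -ChildPath 'ME_11.8_Corporate_D0_H_Production.bin')
    }
    elseif (($ComputerObject -like '*EliteDesk 800 G3*') -or ($ComputerObject -like '*EliteOne 800 G3*')) {
        $FWFile = Resolve-MeFirmwareImage -PackageFolder 'sp82475' -LpImage 'ME_11.8_Corporate_C0_LP_Production.bin' -HImage 'ME_11.8_Corporate_D0_H_Production.bin'
        Update-IntelAmt -ToolVersion '11' -UpdateFile $FWFile
    }
    elseif ($ComputerObject -like '*Z440*') {
        Update-IntelAmt -ToolVersion '9' -UpdateFile (Join-Path -Path "$PSScriptRoot\Firmware\sp82642" -ChildPath '9.1.42.3002.bin')
    }
    else {
        # A vulnerable machine with no matching firmware package previously produced no
        # output at all; surface it on the warning stream so it is not mistaken for patched.
        Write-Warning "System is reported vulnerable but no firmware package is mapped for model '$ComputerObject'"
    }
}
else {
    # Any report value other than the exact 'vulnerable' string ends the script with '0'.
    return '0'
}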