If you dont know what we are talking about read: https://www.wired.com/story/intel-management-engine-vulnerabilities-pcs-servers-iot/
-
Download the Intel security advisory detection tool: https://downloadcenter.intel.com/downloads/eula/27150/Intel-SA-00086-Detection-Tool?httpDown=https%3A%2F%2Fdownloadmirror.intel.com%2F27150%2Feng%2FSA00086_Windows.zip
-
Execute from the
DiscoveryTool.GUIdirectory theIntel-SA-00086-GUI.exefile. If you are vulnerable you need to continue the step-by-step. -
Figure out what is your motherboard to get the advisory patch (you dont need to open your computer to know that). From the command line execute:
wmic baseboard get product,Manufacturer,version,serialnumber
You will get something like this:
Manufacturer Product SerialNumber Version
ASUSTeK COMPUTER INC. Z170-P 111111111111111 Rev X.0x
Now you know you need to look for ASUS Z170-P drivers/firmware.
-
Go to your motherboard provider and pray they have released for your firmware after the 1st of November of 2017. For example, for ASUS support links look like:
https://www.asus.com/us/Motherboards/{motherboard-product}/HelpDesk_BIOS/ -
Install the firmare (if any).
-
Run the detection tool again to ensure that you have patched your system.
Firmware installer may go south because of many reasons.
Confirmed known to happen:
-
Intel Management Engine Interface driver is not installed (confirmed to happen on ASUS).
- If that is the case download it from: https://downloadcenter.intel.com/download/26136/Intel-Management-Engine-Driver-5M-for-Windows-7-8-1-and-Windows-10-for-Intel-NUC-Kit-NUC5i5MYHE
- Install the
MEI-Only Installer MSIand then goto step 5.
-
It may also happen that you have an older BIOS and that the new firmware requires an newer BIOS.