Does Acer have update/patch avaialble for Intel Management Engine vulnerability # INTEL-SA-00075?

Pelican
Pelican Member Posts: 1 New User
edited November 2023 in 2020 Archives

On 1 May 2017 Intel announced a "critical severity" vulnerability, # INTEL-SA-00075; see https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr for the announcement. 

 

Does or will Acer have patches for this? Specifically, I have an Aspire R series computer with "Intel Core i5 inside"; apparently the "resolved firmware" version I'd need, according to Intel's announcement, is 10.0.55.3000. Where can I get this?  Thanks.

Answers

  • Karp-Acer_Retired
    Karp-Acer_Retired Member Posts: 2,599 Guru

    We suggest you check on Acer website for available drivers, document or Patch.

    To see if it is available in our page, please choose your unit model.

     

    https://www.acer.com/ac/en/US/content/drivers

    minimizar para MAXIMIZAR.

    Descubra a mais recente e inovadora tecnologia que chegará no mercado, next@acer.
  • JamMan
    JamMan Member Posts: 5

    Tinkerer

    I looked through the driver and bios updates, but did not see any updates to address this issue. Can you be more specific on where to find the update to address this?

  • stevenl40
    stevenl40 Member Posts: 3 New User

    I tested vulnerable too.  Please come up with a patch or direct us mitigation!

  • brummyfan2
    brummyfan2 ACE Posts: 28,470 Trailblazer

    Hi,

    Download the tool provided by Intel and if your system is vulnerable, get in touch with Acer support and I'm sure they will provide a solution. I don't think that everyone needs a BIOS update.

    http://www.techconnect.com/article/3195246/security/how-to-check-for-the-intel-active-management-exploit-that-lets-hackers-take-over-your-pc.html

     

    Capture.JPG

  • JamMan
    JamMan Member Posts: 5

    Tinkerer

    Called Acer support, gave serial number and was told by answering system that my computer was out of warranty and then was forwarded to a fee based technical support. The fee based technical support said my computer was out of warranty and that they did not have patch and could not help me. In all honesty, I had to explain the issue to the tech support a couple times. So not sure they are even that aware of the issue. I was kind of amazed. They suggested I go back to the manufacturer or try to get help from a local tech. Well I already tried the manufacturer route. They are the ones who forwared me to their official fee based technical support. And what are the odds a local tech can help me with something neither the manufacturer or their official fee based support can provide. So feel like this is just going in circles.

     

    Maybe I read the cybersecurity threat report incorrectly. But, my impression is that this is a huge threat to many many private and business computers. I would think addressing this would be an extremely high priority for every major computer manufacturer. If Acer customers fall victom to this vulnerability, you can be sure that it will hurt customer loyalty and trust in their product line.

  • JamMan
    JamMan Member Posts: 5

    Tinkerer

    Oh and yes I did run the detection tool from Intel. It indicates I am vulnerable.

    Untitled.jpg

  • Brymstone
    Brymstone Member Posts: 2 New User

    Hello?  ACER?  Are you in there?  Are you addressing this vulnerability?  I, too, am showing as vulnerable using the detection tool supplied by Intel.

  • Jose-Acer
    Jose-Acer Administrator Posts: 1,355 Community Administrator

    We have been working with Intel to release firmware updates for this issue.  You can find the list of affected models, along with the download links and installation instructions here:

     

    Intel® Active Management Technology, Intel® Small Business Advantage, and Intel® Standard Manageability Remote Privilege Escalation

  • Brymstone
    Brymstone Member Posts: 2 New User

         Many thanks to you for the quick response and the links to the firmware updates.  I am now showing that my computer is NOT VULNERABLE.

         I truly appreciate your help on this matter.

  • JamMan
    JamMan Member Posts: 5

    Tinkerer

    I have a Predator G3-605 and the Intel Detection Tool says I am vulnerable, but I dont see this model in your list of affected desktops. So dont know which firmware to download. Here is a screen shot from the detection tool.

    Untitled.jpg

  • stevenl40
    stevenl40 Member Posts: 3 New User

    I have a Gateway DX4885-UR1B Desktop that is not listed on your affected models list.  However, it tests as vulnerable, please help me.

  • Jose-Acer
    Jose-Acer Administrator Posts: 1,355 Community Administrator

    Thank you for letting me know.  I'm going to look into this.  In the meantime, can you please try running the latest INTEL-SA-00075 Discovery Tool?

  • JamMan
    JamMan Member Posts: 5

    Tinkerer

    I ran latest version of Intel Detection Tool 1.0.1.39. Still tests vulnerable. But, I dont see a firmware update for Predator G3-605.

  • stevenl40
    stevenl40 Member Posts: 3 New User

    Risk Assessment
    Based on the version of the ME, the System is Vulnerable.
    If Vulnerable, contact your OEM for support and remediation of this system.
    For more information, refer to CVE-2017-5689 in the following link: CVE-2017-5689
    or the Intel security advisory Intel-SA-00075 in the following link: INTEL-SA-00075

    INTEL-SA-00075 Discovery Tool GUI Version
    Application Version: 1.0.1.39
    Scan date: 6/6/2017 5:27:12 PM

    Host Computer Information
    Name: HOMEPC
    Manufacturer: Gateway
    Model: Gateway DX4885
    Processor Name: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
    Windows Version: Microsoft Windows 10 Home

    ME Information
    Version: 9.0.20.1447
    SKU: Intel(R) Small Business Advantage(SBA)
    Provisioning Mode: Not Provisioned
    Control Mode: None
    Is CCM Disabled: False
    Driver installation found: True
    EHBC Enabled: False
    LMS service state: NotPresent
    microLMS service state: Running

  • maeroero
    maeroero Member Posts: 1 New User
    I was wondering what the outcome of this was as the last post was in June, I have a predator laptop, the detection tool defines as vulnerable, but it is still not listed by Acer for a firmware update. Is this resolved somewhere else for ACER predator gaming laptops ?
  • ic3b34r
    ic3b34r Member Posts: 24 Networker
    All prodocts of Acers is still TBD... that mean Acer's user... DO IT YOURSELF...
  • Chaoz
    Chaoz Member Posts: 1 New User
    I see the r5-471t,but where is the update for the r3-471t ???????
  • LeoLOST23
    LeoLOST23 Member Posts: 38 Die Hard WiFi Icon
    Acer-Jose said:

    Thank you for letting me know.  I'm going to look into this.  In the meantime, can you please try running the latest INTEL-SA-00075 Discovery Tool?

    Hi, Acer-Jose, i need to know if is there an available ME Firmware update for my Acer laptop, model A515-54G, with an i5-10210u and a GeForce MX250? Thanks!