Acer Veriton X4610G is vulnerable to Intel Management Engine exploit INTEL-SA-00086

Marty11

The Acer Veriton X4610G is vulnerable to Intel Management Engine exploit INTEL-SA-00086:

an attacker could gain unauthorized access to platform, Intel® ME feature, and 3rd party secrets protected by the Intel® Management Engine (ME)

Load and execute arbitrary code outside the visibility of the user and operating system.

please check with your system manufacturer for updated firmware

Acer please respond to this vulnerability with an ME firmware update or a mitigation strategy.

I am running the latest BIOS version (BIOS Version: P01.B3) and I disabled Intel AMT (Active Management Technology) in the BIOS settings, but I am still vulnerable to the exploits.

Here are my scan results  (afterwards AMT disablement) with the Intel detection tool:

Spoiler

Intel(R) CSME Detection Tool For Legacy Systems
Application Version: 1.0.16.0
Scan date: 14/10/2020 21:09:02
Risk Assessment
Based on the analysis performed by this tool: This system is vulnerable.

Explanation:
The detected version of the Intel(R) Management Engine firmware is considered vulnerable for INTEL-SA-00086. Contact your system manufacturer for support and remediation of this system.
For more information refer to the Intel(R) CSME Detection Tool For Legacy Systems Guide or the Intel Security Advisory Intel-SA-00086 at the following link: https://www.intel.com/sa-00086-support
Host Computer Information
Name:
Manufacturer: Acer
Model: Veriton X4610G
Processor Name: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
OS Version: Microsoft Windows 10 Pro
Intel(R) ME Information
Engine: Intel(R) Management Engine
Version: 7.0.4.1197

Copyright(C) 2017-2019, Intel Corporation, All rights reserved.

You can scan your own computer for Intel ME vulnerabilities with this: Intel detection tool.

billsey

Uh, the Veriton X4610G came originally with Windows 7 and an optional downgrade to XP. I think it's well past the service life for developing changed BIOS versions. It looks like the last update was in 2012...

Marty11

billsey said:

Uh, the Veriton X4610G came originally with Windows 7 and an optional downgrade to XP. I think it's well past the service life for developing changed BIOS versions. It looks like the last update was in 2012...

Dear Billsey,

This has nothing to do with a BIOS update (which BTW would be a UEFI update in case of the X4610G and optional upgrade to Windows 8 and nowadays Windows 10).

I'm running a modern and secure OS. The thing that lets the X4610G down is the Intel Management Engine firmware.

Clearly you aren't familiar with that beast. The Intel Management Engine (ME) is a separate system with its own processor embedded deep within your system, which has its own firmware and runs independently of your main processor. It can do out of band management tasks over a network (access and change virtually everything on your system with maximum privileges). One can't switch the management engine off .

Intel have sneaked it into almost all their platforms now. The X4610G was one of the first generations that carried it. Be my guest and check the vulnerability of your 'modern' hardware with this Intel tool, please. And be astounded that your newer hardware is just be as vulnerable as mine is (look for example here, here, here, and here).

Intel provides fixes for these vulnerabilities, but they have to be adapted to the specific platforms by their OEMS (Acer in this case) and handed down to their customers. So Intel refers victims to their OEM to incorporate the fix into their platforms.

billsey

Exactly, and as with most other manufacturers they only provide those updates for a period after the model is released. As I said I'd be real surprised if Acer puts the resources into that task, especially since there are likely so few machines still in service where the user realizes they would like it. Newer machines have the ME code separate from the rest and updates get rolled out from Intel through the Windows update ecosystem.

Marty11

billsey said:

Exactly, and as with most other manufacturers they only provide those updates for a period after the model is released.

If it's an OS you would still have a choice to switch lo linux for example, but when it comes to embedded Intel firmware that runs independently of your main processor and can't be switched off, you don't have a choice. Intel does have fixes for it, but they need to be delivered through the OEM. Acer wake up and do something! or make your proprietary tweaks that need to be done to the Intel fixes public so people can bake up their own fix.

billsey said:

where the user realizes they would like it.

Would like it fixed? "Load and execute arbitrary code outside the visibility of the user and operating system." I'd say that people would like it fixed, but they don't realize they're so vulnerable, when it's not on the Acer support page...

Marty11

I updated to the lastly provided ME Firmware by ACER (version ME_7.1.91.3272_20170516), but afterwards the system is still vulnerable to Intel-SA-00086.

Here's the result:

Spoiler

Intel(R) CSME Detection Tool For Legacy Systems

Application Version: 1.0.16.0
Scan date: 29/10/2020 23:49:23

Risk Assessment

Based on the analysis performed by this tool: This system is vulnerable.

Explanation:
The detected version of the Intel(R) Management Engine firmware is considered vulnerable for INTEL-SA-00086. Contact your system manufacturer for support and remediation of this system.
For more information refer to the Intel(R) CSME Detection Tool For Legacy Systems Guide or the Intel Security Advisory Intel-SA-00086 at the following link: https://www.intel.com/sa-00086-support

Host Computer Information

Name:
Manufacturer: Acer
Model: Veriton X4610G
Processor Name: Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
OS Version: Microsoft Windows 10 Pro

Intel(R) ME Information

Engine: Intel(R) Management Engine
Version: 7.1.91.3272

Copyright(C) 2017-2019, Intel Corporation, All rights reserved.

The Intel(R) CSME Detection tool still refers me to Acer for for support and remediation of the vulnerability in the Veriton X4610G.

Marty11

According to Intel the following ME versions are vulnerable:

Systems using Intel ME Firmware versions 6.x-11.x

Intel refers to Acer for support here. Where Acer says:

Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted.

But the Intel(R) CSME Detection tool clearly states that the Veriton X4610G is vulnerable (ME version 7.1) too.

So Acer, please propagate Intel's proposed fixes onto your customers.

Marty11

According to Intel Security Advisory 00086 [Source]

Q: The Intel CSME Version Detection Tool reports that my system is vulnerable. What do I do?
A: Intel has provided system and motherboard manufacturers with the necessary firmware and software updates to resolve the vulnerabilities identified in Security Advisory Intel-SA-00086.

Contact your system or motherboard manufacturer regarding their plans for making the updates available to end users.

Because I'm no longer eligible for warranty support, Acer customers are sent to this community for support.

Acer, your computers are vulnerable, please propagate Intel's fixes to mitigate the vulnerability to your customers.