• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
Are you having HotKey issues? Click here for tips and tricks.
HP Recommended
HP Zbook 15 G1/G2
Microsoft Windows 7 (64-bit)

 

I've never needed the vPro features, I just like business laptops, they're solid, versatile and more reliable overall I think.

 

To make a long story short, I noticed unusual activity on my laptop (no need to go into details) which fits right in line

with a Management Engine AMT exploit. I never bothered configuring the MEbX password when I obtained by laptop via

the Ctrl-P keypress on boot (I'm not even sure if a non-provisioned laptop is even supposed to acknowledge the key combo) but the AMTactivate exploit doesn't *need* the laptop to be provisioned at all to be vulnerable:

 

see :   www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=2ahUKEwjHgc6p7qXk...

 

The Zbook 15 G1/G2 is right on target for being exploitable.  I know the CVE which directly relates to this issue was supposed to be patched with sp87481.exe or sp87881.exe (Cant bring up the release notes so I don't know exactly which one it is) but there's obviously an updated variant about.

 

Since I never use vPro or the Management Engine's advanced features, I would like to disable as many of its modules as possible, ESPECIALLY! the network stack module!  I have been trying to use me_cleaner to effect this:

 

https://github.com/corna/me_cleaner/wiki

 

But unfortunately the fwupdate utility you supply will not flash a modified image of the Management Engine firmware for some reason.

 

HP NEEDS TO PROVIDE A TOOL THAT DOES WHAT ME_CLEANER DOES FOR ALL ITS MODELS, ESP IT'S BUSINESS CLASS LAPTOPS!

 

For those who still don't know, the ME is always on; if your laptop is connected to power either via battery or AC it is on and active and can be exploited, even if your laptop is powered off.  You don't even need a wifi card, just close proximity to be hacked (It has its own network stack).  Its completely transparent to your OS and other hardware so you won't know you're hacked.  Everything that you could do with a full AMT provisioned laptop someone can do with your hardware.

 

I haven't come here to state what most of the technically proficient here already know, but to ask the HP tech supports here if there is a way to gut the Management Engine modules to disable this hardware backdoor or for the possibility of HP themselves providing a tool that does this.  I know the ME is needed for some hardware funtions, but surely the network stack module isn't required.

 

Right now after weeks of looking for a solution my only option seems to be getting a SPI hardware flasher and manually

flashing my modified ME firmware myself, risking a bricked motherboard or downgrading to a Core I3 CPU (And I'm not even sure downgrading to an I3 fully mitigates all AMT vulnerabilities).

 

So tech, what can you help me do about this?

1 REPLY 1
HP Recommended

did you try disabling AMT in the BIOS? F10, Advanced\  Remote Management Options Menu\ Active Management Technology (AMT) - it is checked by default

I work for HP. However, all opinions and comments are my own.
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.