Create an account on the HP Community to personalize your profile and ask a question
05-02-2017 10:12 AM - edited 05-02-2017 11:32 AM
Hi. I've just read a security bulletin relating to Intel AMT on vPro systems. Intel instructions regarding mitigation for this threat are sketchy to say the least. If I have disabled AMT in the system bios on my machines will this mitigate against possible future attack or could this make me susceptible to more? Also, if anyone from HP reads this forum when will a firmware patch be made available? I realise my machines are not recognised as Win 10 devices but they work fine with this operating system. If anyone can shed any light on this subject I would be happy to read. If my machines are attacked from outside given that the chances are now greatly increased due to notifications on multiple websites who is responsible for any losses incurred? Are my desktop pcs even susceptible? idk. Many regards.
05-04-2017 02:23 AM
This is an issue only if a CPU has VPro feature along with a mobo chipset that also supports vPro. If your CPU doesn't have thios feature, your OK.
On such systems that support AMT, until manufacturer fixes their BIO's, it is recommended to disable AMT within BIOS itself and also to disable LMS and associated services within windows (if using that OS). Read more here especially the links and references within.
Of particular interest within the above thread is a link to Lenovos responce with this page indicating when BIOS fix will be made available.
Has anybody seen a similar page for HP or Dell systems, i haven't ?
05-06-2017 06:05 PM - edited 05-06-2017 06:17 PM
Windows 10 and Windows 7 users who are unsure as to whether they are affected may find the intel detection guide useful - (contained in zip file) https://downloadcenter.intel.com/download/26755 - although this did not give me a conclusive result - poor showing
05-06-2017 10:31 PM - edited 05-06-2017 10:41 PM
To hear HP via AMT has left the gates open to my z210 workstation since 2010 just adds to the view that nobody cares about my security and privacy.
Meanwhile, Intels AMT detection tool didn't yield useful results since i disabled AMT and it's windows services.
But it's good to see HP came to the party and documented their responce as to how and in what time frame they will fix this AMT security failure. So hopefully my z210 Workstation will see the updated ME firmware released on time by 12th May 2017.
What's of bigger concern is how the OEM industry simply took a module provided by their supplier (Intel) and did not perform any due diligence testing on this firmware module to ensure the final product they were selling was secure and thus fit for purpose. So it's either a massive failure across the many OEM's, which seems just a little too difficult to fathom, or something else a little more on the 'tin foil hat' side of the equation that is at play.
In any case, for me trust was broken some time ago when socketted BIOS chips were removed from motherboards while UEFI with secure boot tried to lock me out of my own property.
Good luck to those that think "Windows 10 S" is a good idea...
[edited to add following]
05-07-2017 01:46 AM
Yes, I agree it is good that HP have responded to this. I have been more than happy with their service over the years - hopefully they will resolve this issue quickly. I suspect my machines are not affected - but suspecting is not knowing! Some of these machines will also be being used by the public after business desktop upgrades and sales via third parties. I suspect these users also do not know.