> Link ?

O ye of little faith, just Keep It Stupefyingly Simple.

Use the search function within this forum, searching on "Intel Management".

You should find NINE "accepted as solutions" threads, where the URL to the HP update is listed.

QED.

Did you actually check this list yourself, O Wisest?

It's here in case you did not:

https://support.hp.com/us-en/document/c05843704

You may notice it's version 3 now, it's been updated on 30/11 since it's been originally published for the first time (22/11).

You can also spot that some of the PCs (mine included) have TBD in ME Softpaq #.

Based on that (and I am entitled to this opinion, I think, when timescales are considered - it's two weeks now!) I have a feeling that HP may have not been exactly aware that other desktops they sold might be vulnerable.

So no, the issue is not resolved as patch is not available yet. What does it take so long to get it sorted?

So, don't spread the Fake News.

Besides, I did advise you once already that I broadening your horizons beyond suppliers & manufacturers literature would be most beneficial to you (and others on this forum, whom you teach in rather terrible manner, as well).

---

@krzemien wrote:

https://support.hp.com/us-en/document/c05843704

---

Yes, that's the link I posted in the first place. It's riddled with dead misspelled links, like I noticed in the first place.

And the problem is endlessly bigger than mdklassen wants us to believe, like I also mentioned in the first place.

In case you missed it: feast your eyes and ears on this video and tell me what's exaggerated about it.

The patches are there, and that ain't the problem here.

The real problem is that the PC owners don't get these patches installed automatically, but the patches are reserved for those lucky enough to take this hurdle course to obtain them.

Since pointing this out results in no action by HP employees, but rather repeating backlash from this troll, I'm sensing a deliberate attempt to keep this back door into many CPUs open for malicious exploits.

There we go, mdklassen:

http://www.theregister.co.uk/2017/12/06/intel_management_engine_pwned_by_buffer_overflow/

(...)

On Wednesday, in a presentation at Black Hat Europe, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy plan to explain the firmware flaws they found in Intel Management Engine 11, along with a warning that vendor patches for the vulnerability may not be enough.

(...)

Though the vulnerabilities require local access to an affected machine or the credentials to access the machine through a remote IT management system, an Active Management Technology (AMT) flaw disclosed by Intel in May raises the possibility of a remote attack.

"Given the massive penetration of devices with Intel chips, the potential scale for attacks is big, everything from laptops to enterprise IT infrastructure is vulnerable," the pair said in a statement emailed to The Register.

(...)

Asked whether Intel has any plans to alter the way its Management Engine works or to offer chips without the ME, a company spokesperson suggested such requests should be directed to hardware vendors.

"The Management Engine (ME) provides important functionality our users care about, including features such as secure boot, two-factor authentication, system recovery, and enterprise device management," the spokesperson said.

"System owners with specialized requirements should contact the equipment manufacturers for this type of request.

However, since any such configuration necessarily removes functionality required in most mainstream products, Intel does not support such configurations."

(...)

So, as this is another feature that some users care about (and I don't): HP, isn't it just better - and cheaper - just to get rid of this rotten apple and simply disable it at source?

And I'm begining to agree.

Either they simply don't care and are only interested in our $... or they are in bed with the TLAs (Three Letter Acronyms).

Well, it is nearly one month now and this page firmly remains static:

https://support.hp.com/us-en/document/c05843704

(and no fix for my machine in sight as well)

Does HP await the expiry of my (and others') warranty?

> (and no fix for my machine in sight as well)

If your computer is directly connected to a cable-modem (or a DSL-modem), then it is vulnerable to a remote attack.

If that modem is a "combination" (modem with a multi-port router), and your computer is connected (wired/WiFi) to the router, then it is not vulnerable to a remote attack.

If your computer is connected to your "home-network", and another computer in your home has been compromised, then your computer is vulnerable to an attack from that compromised computer.

If your computer has been compromised, by some other exploit, then it can be further compromised by this vulnerability.

So, in practise, the "attack vector" to your computer is extremely small.

Or, just enter BIOS SETUP, and disable it.

The question remains: Will HP ever care to roll out the patches as automatic updates, or just keep spewing out these flaky risk assestments and half-baked solutions?

> The question remains: Will HP roll out the patches as automatic updates?

This is a "user-to-user" forum, not an official path to contact HP.

So, there is nobody on this forum who is authorized by HP to give an official answer to your question.

Don't shoot the messenger.