---

@Greybeard50 wrote:

 

Does anyone know if "SP83846.exe" is a solution for ALL PCs/Laptops?

It isn't. The patch list for each specific device is here.

You may encounter some dead links there. I needed sp82271.exe, while that page links to SP82271.exe

The HP-Support-website

https://support.hp.com/us-en/document/c05843704

HPSBHF03571 rev 2 - Intel Management Engine Cumulative Security update and fix for WPA2 vulnerability

... is only partially of help.

There I found a  download-link for a fix for my pavilion 15-cc0xx

("Intel(R) Management Engine Vulnerability INTEL-SA-00086"-issue detected for it)

which should  be here:

ftp://ftp.hp.com/pub/softpaq/sp82001-82500/SP82271.exe

... but that URL is not available at present .

May be it will be available there again later ?

---

@Jens-R wrote:

... but that URL is not available at present .

---

The patch is there, but the link has been misspelled. Here you go.

This is an urgent issue. Basically every single computer made in the last 2 years is vulnerable to undetectable breaches.

The patches are there, but many links are misspelled: SP instead of sp.

Also, the HP Support Assistant does not provide this patch as an update.

I am beginning to wonder: Who exactly needs to return from their holidays in order to greenlight these measures?

> This is an urgent issue.

No, it is not, because the attack-surface is small.

If you have a home-computer "behind" your own wired/wireless router, the router protects your computer from a hacker on the Internet.

If your home-computer already has been hacked, having this vulnerability is the least of your problems.

> Basically every single computer made in the last 2 years is vulnerable to undetectable breaches.

Hyperbole, bordering on paranoia & nonsense.  Fake news.  Sigh.

---

@mdklassen wrote:

Fake news.

---

That's how reputation-threatening issues get explained away these days.

> Does anyone know if "sp83846.exe" is a solution for ALL PCs/Laptops?

Read: ftp://ftp.hp.com/pub/softpaq/sp82001-82500/sp82271.html

for a list of HP computers to which it does apply.

---

@IsaakC wrote:

---

@mdklassen wrote:

Fake news.

---

That's how reputation-threatening issues get explained away these days.

---

Exactly.

Dear mdklassen, I assume that you also drive your car with Engine Management Light on as well? If it drives and does not make any funny noises, what's the issue, n'est ce past?

This is a security hole - nobody can really fathom implications and seriousness as Intel is very secretive about it - and I expect it to be patched. ASAP.  Especially as my PC is still under warranty.

Having second thought on this: Disabling the whole ME subsystem would be even better idea.

https://www.theinquirer.net/inquirer/news/3022363/dell-starts-flogging-biz-laptops-with-intel-manage...

> This is a security hole - nobody can really fathom implications and seriousness as Intel is very secretive about it

Really?

Nobody? 

Not even the security-researchers who discovered the vulnerability, and followed "responsible disclosure" protocol?

You are posting Fake News.

Intel has posted a detailed bulletin about the attack surface, and the CVE database has additional information.

By the way, this discussion is off-topic -- not helpful to the person who posted the question, especially now that HP has released an update to remediate the vulnerability.