cancel
Showing results for 
Search instead for 
Did you mean: 
  • ×
    Information
    Need Windows 11 help?
    Check documents and videos on compatibility, FAQs, upgrade information and available fixes.Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents and videos on compatibility, FAQs, upgrade information and available fixes.Windows 11 Support Center.
  • post a message
Check out our WINDOWS 11 Support Center info about: OPTIMIZATION, KNOWN ISSUES, FAQs, VIDEOS AND MORE.
mdo47
Level 1
4 3 1 0
Message 1 of 7
1,524
Flag Post

Solved!

HP Omen Intel Management Engine vulnerability

HP Recommended
Omen 870-120st
Microsoft Windows 10 (64-bit)

According to information online, there is a vulnerability in Intel(R) Management Engine that affects my computer.

Are there any updates from HP to fix this?

 

This is the output from INTEL-SA-00086 Detection Tool:

 

Based on the analysis performed by this tool: This system is vulnerable.


Explanation:
The detected version of the Intel(R) Management Engine firmware is considered vulnerable for INTEL-SA-00086. Contact your system manufacturer for support and remediation of this system.
For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link: <<< msg board won't let me put in link >>>

INTEL-SA-00086 Detection Tool

Application Version: 1.0.0.128
Scan date: 11/25/2017 6:04:36 PM

Host Computer Information

Name: OMEN-MDO
Manufacturer: HP
Model: 870-120st
Processor Name: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
OS Version: Microsoft Windows 10 Pro

Intel(R) ME Information

Engine: Intel(R) Management Engine
Version: 11.0.1.1001
SVN: 1

Copyright(C) 2017, Intel Corporation, All rights reserved.

1 ACCEPTED SOLUTION

Accepted Solutions
mdo47
Author
Level 1
4 3 1 0
Message 7 of 7
Flag Post
HP Recommended

Was not having any luck on this, then noticed the HP Support Assistant icon on my task bar. I used it to update several chipset files

 

Then I ran the updated INTEL-SA-00086 Detection Tool at https://downloadcenter.intel.com/download/20775/Intel-Chipset-Device-Software-INF-Update-Utility-?pr...

 

Now I get this info from the Intel tool: This system is not vulnerable. It has already been patched.

(looks like they modified the Intel tool so I cannot copy/paste from it)

 

I guess HP was getting the fixes out; I just didn't know where to find them.

 

Thanks!

 

 

View solution in original post

Was this reply helpful? Yes No
6 REPLIES 6
Barachiel
Retired
Retired
6,247 2,746 314 478
Message 2 of 7
Flag Post
HP Recommended

Hi @mdo47

 

Welcome to HP Forums, 

This is a great place to get support, find answers and tips, 

Thank you for posting your query, I'll be more than glad to help you out 🙂 

 

As I understand you are facing issues with the Intel Management Engine vulnerability with HP omen.

 

Follow this link and update the Intel Management Engine Software 11.7.0.1043

 

Let me know how that pans out.

I hope you have a good day ahead,

And Feel free to ask any other queries as  well,

Considering, this forum has some of the best people in the world available and ready to help. 😉

Barachiel
I am an HP Employee

Was this reply helpful? Yes No
mdo47
Author
Level 1
4 3 1 0
Message 3 of 7
Flag Post
HP Recommended

Thanks for the reply! I did that; from the prompts it looked like it worked. Then I rebooted just to be sure, and ran the Intel test program again. It gave me exactly the same output and the version number had not changed. Here is a synopsis:

 

Based on the analysis performed by this tool: This system is vulnerable.

INTEL-SA-00086 Detection Tool

Application Version: 1.0.0.128
Scan date: 12/8/2017 8:57:21 AM

Host Computer Information

Name: OMEN-MDO
Manufacturer: HP
Model: 870-120st
Processor Name: Intel(R) Core(TM) i7-6700K CPU @ 4.00GHz
OS Version: Microsoft Windows 10 Pro

Intel(R) ME Information

Engine: Intel(R) Management Engine
Version: 11.0.1.1001
SVN: 1

 

I looked at the logs for the device Intel(R) Management Engine Interface; it showed driver version 11.7.0.1040. The last three entries in the log were as follows, including the text Device Updated: false.

 

I had tried to follow all the install notes etc.

 

Driver Date: 07/18/2017
Driver Version: 11.7.0.1040
Driver Provider: Intel
Driver Section: TEE_DDI_W10_x64
Driver Rank: 0xFF2001
Matching Device Id: PCI\VEN_8086&DEV_A13A
Outranked Drivers:
Device Updated: false
Parent Device: ACPI\PNP0A08\0

Event 2:
Device PCI\VEN_8086&DEV_A13A&SUBSYS_2B4B103C&REV_31\3&11583659&1&B0 was started.
Driver Name: oem47.inf
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Service: MEIx64
Lower Filters:
Upper Filters:

Event 3:
Driver Management concluded the process to install driver heci.inf_amd64_77f0a47042cd4a88\heci.inf for Device Instance ID PCI\VEN_8086&DEV_A13A&SUBSYS_2B4B103C&REV_31\3&11583659&1&B0 with the following status: 0x0.

 

Thanks!

Mark

Was this reply helpful? Yes No
Barachiel
Retired
Retired
6,247 2,746 314 478
Message 4 of 7
Flag Post
HP Recommended

Hi @mdo47

 

Thank you for replying with this detailed response 😉 
I appreciate your time and efforts, I would suggest updating the system Bios.

 

Follow this link to update the bios to the latest one.

Barachiel
I am an HP Employee

Was this reply helpful? Yes No
mdo47
Author
Level 1
4 3 1 0
Message 5 of 7
Flag Post
HP Recommended

Once again - thanks for the prompt reply!

 

I did what was suggested and then repeated the installation for Intel management engine then rebooted. Once again the message from the Intel-SA-0086 detection tool was unchanged.

 

Then I tried the entire process again but logged in as administrator (I normally log in as an ordinary user for security). Still at the end the Intel detection tool gave the same "system is vulnerable" message and also listed my version of Intel management engine as follows:

Engine: Intel(R) Management Engine
Version: 11.0.1.1001
SVN: 1

 

I notice that the link you gave for the management engine firmware update was not exactly for the HP Omen desktop I have; the versions for that can be found under "Driver-Chipset" at this location

https://support.hp.com/us-en/drivers/selfservice/omen-by-hp-870-100-desktop-pc-series/12079703/model...

That location still shows chipset driver versions from March and September of 2016.

 

Could that be the issue?

Was this reply helpful? Yes No
Barachiel
Retired
Retired
6,247 2,746 314 478
Message 6 of 7
Flag Post
HP Recommended

Hi @mdo47

 

Thank you for responding,
It's great to have you back 😉

 

Yes, you could give it a try and let me know if it worked out. 🙂

 

Best regards,

Barachiel
I am an HP Employee

Was this reply helpful? Yes No
mdo47
Author
Level 1
4 3 1 0
Message 7 of 7
Flag Post
HP Recommended

Was not having any luck on this, then noticed the HP Support Assistant icon on my task bar. I used it to update several chipset files

 

Then I ran the updated INTEL-SA-00086 Detection Tool at https://downloadcenter.intel.com/download/20775/Intel-Chipset-Device-Software-INF-Update-Utility-?pr...

 

Now I get this info from the Intel tool: This system is not vulnerable. It has already been patched.

(looks like they modified the Intel tool so I cannot copy/paste from it)

 

I guess HP was getting the fixes out; I just didn't know where to find them.

 

Thanks!

 

 

Was this reply helpful? Yes No
Warning Be alert for scammers posting fake support phone numbers and/or email addresses on the community. If you think you have received a fake HP Support message, please report it to us by clicking on "Flag Post".
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation