Solved: Re: BIOS Update / Intel Management Engine Firmware - HP Support Community

10P8TRIOT · ‎03-04-2017

I have a ProBook 450 G3 running Windows 10. I am planning on updating the BIOS to N78 Ver. 01.15 Rev.A (from Ver. 01.12). I noticed the following statement on the BIOS download page: "HP strongly recommends updating the Management Engine firmware to version 11.0.18.1002 to prevent BIOS/Management Engine firmware corruption issues.". How can I determine the version of the IME firmware on my system? The latest version of the IME firmware for download is 11.0.0.1202 ... should I just go ahead and download and install that before the BIOS update?

Thanks in advance,

Mike

Skylarking · ‎12-02-2017

@IT_WinSec wrote:

If I were you, I would ignore this if my BIOS worked fine.

It's an old post but as others can find this thread via google search, as i did, the above flawed comment needs an answer.

ME has had some serious security issues discovered and reported to Intel this year. And there have been others reported in previous years. As a result, twice in 2017 Intel has pushed out fixes to ME that OEMs have picked up and released for their systems, many of which are no longer supported or under warranty.

The fact that OEM's actually released updates on out of warranty systems probably highlights the severity of this issue.

But if some people don't care about the security of their system That's their choice. Just keep in mind that an flawed ME implementation can be silently compromised at -3 ring level (that's before BIOS/EFI starts).

Those ring -3 exploits on your system at that level can do anything - even place a root kit containing key loggers that is then invisable to the OS virus scanner and thus steal passwords to your banking apps and send them off to some scum that empties you account of your hard earned $$ - that was one demonstrated use of an older ME vulnerability and this years vulnerabilities are worse according to some...

The reality is that just because one can't see or understand a problem doesn't mean that all is well. Thinking of not updating what works without an understanding of what broken thing was fixed with the update is simple a dangerous view to have these days.

As such, either do some research or take the Intel or your OEM's advice and update these critical ME vulnerabilities according to the Intel/OEM critical advisories.

Heck, if anything, the outrage should be that we owners of these systems have no way to shut off this insecure closed source security processor within a processor that has access to everything (even when the system is powered down)...

View solution in original post

IT_WinSec · ‎03-04-2017

Hello,

Thank you for posting in the HP Support forum.

To answer your question about Intel ME... Perhaps in the Control Panel > Programs and features. When you find it there click on it and it should show a version

or

if you search for it in C:\Program files or C:\Program files (x86) and search inside the folder, it should show the version somewhere.

You may also see if this tool will work on W10 > https://downloadcenter.intel.com/download/19009

But considering you already have experience with BIOS things , I am wondering why do you want to do it again... General recommendation I provide to users/customers is NOT to upgrade BIOS/UEFI unless they experience any kind of specific BIOS/UEFI issue. Updating just for the "noble cause" of updaing and just for using the latest verson is not solution. Any kind of update (no matter for what and who relesed it) can fix 2 issues but may introduce 10 more issues. Additionally, upgrading the BIOS (for any vendor) poses more risks because BIOS recovery is not that easy as compared to typical software updates IF something goes wrong.

Same applies for Windows Updates, OS update, drivers updates, etc - upgrade/update IF you have issues which you know are fixed in the newer version or for some severe security issues. Otherwise, keep the existing version as long as possible. 🙂

Your FEEDBACK is important. Use the interactive buttons below and let me know if the post helps ;
*** HP employee *** I express personal opinion only *** Joined the Community in 2013

10P8TRIOT · ‎03-05-2017

So I should ignore HP's Critical Driver Alerts?

IT_WinSec · ‎03-05-2017

@10P8TRIOT wrote:
So I should ignore HP's Critical Driver Alerts?

If I were you, I would ignore this if my BIOS worked fine.

Your FEEDBACK is important. Use the interactive buttons below and let me know if the post helps ;
*** HP employee *** I express personal opinion only *** Joined the Community in 2013

10P8TRIOT · ‎03-05-2017

Okay, thanks. BTW, I found the HP Support Communication that details the changes implemented with this BIOS update. It answers my original question. This BIOS update actually updates the Intel Management Engine firmware to fix security and corruption issues with the previous releases. And the document includes the following admonishment ... "HP strongly recommends updating to this BIOS version, which supersedes all previous versions".

-Mike

nstcb · ‎06-21-2017

The updated Intel Management Engine Firmware was not coming up in HP Softpaq, but I was able to locate manually specific to my HP ProBook 450 G3

https://support.hp.com/us-en/drivers/selfservice/swdetails/hp-probook-450-g3-notebook-pc/7834555/swI...

Rob-Nicholson · ‎10-25-2017

>Updating just for the "noble cause" of updaing and just for using the latest verson is not solution.

HP seem to be taking a different line these days and are pushing our BIOS firmware updates via the HP support tool which nags users to install the updates via the system tray icon.

Skylarking · ‎12-02-2017