Archived: This topic has been archived. Information and links in this thread may no longer be available or relevant.
caegear

microLMS running after FW Patching to fix SA-00075

HP Recommended
Elitebook 8770w
Microsoft Windows 7 (64-bit)

Hello all, hope this is the correct place for my SA-00075-related questions.

 

I got my new used laptop (HP Elitebook 8770w) on the 15th of May. Installed a clean Win7 64-bit, and went on to load and update drivers. Found several on SoftPaq that made me look closely at anything related to SA-00075, because it is a vPro system.

 

HP has a Patch for 00075 that I have applied:

- Intel Corporate Management Engine (ME) Firmware Component - Version: 8.1.71.3608

 

HP also has a BIOS update that I have applied:

- SOFTPAQ FILE NAME: SP79723.exe - BIOS VERSION: F.65 REV: A PASS: 1

 

I have run several of the recommended Intel diagnostics tools trying to determine whether my system is now safe and secure (preferably safe enough for me to start using ME / AMT), and the one that both confuses me the most and at the same time looks to give the most (useful) information is the "INTEL SA-00075 DiscoveryTool", which outputs this information:

 

Risk Assessment

Based on the version of the ME, the System is Check With OEM.

If Vulnerable, contact your OEM for support and remediation of this system.

For more information, refer to CVE-2017-5689 in the following link: CVE-2017-5689

or the Intel security advisory Intel-SA-00075 in the following link: INTEL-SA-00075

INTEL-SA-00075 Discovery Tool GUI Version

Application Version: 1.0.1.39

Scan date: 20.05.2017 13:44:05

 

Host Computer Information

Name: CAEGEAR-PC

Manufacturer: Hewlett-Packard

Model: HP EliteBook 8770w

Processor Name: Intel(R) Core(TM) i7-3720QM CPU @ 2.60GHz

Windows Version: Microsoft Windows 7 Professional

 

ME Information

Version: Unknown

SKU: Unknown

Provisioning Mode: None Detected

Control Mode: None

Is CCM Disabled: Unknown

Driver installation found: False

EHBC Enabled: False

LMS service state: NotPresent

microLMS service state: Running

 

First question:

I gather the status "Check with OEM" means Intel can't confirm HP's Patch for ME is fixing the 00075. Neither does HP supply me with a probing tool that lets me know 00075 is fixed after the Patch, right? (After applying the Patch, there is no confirmation message. The exe just ends and closes. The only indication it is applied is that SoftPaq lists it in "No action needed".) Would anyone share their take on whether I can assume "Check with OEM" means I'm OK as long as I patched according to HP guidelines and through SoftPaq?

 

Second, and more important (to me anyway) question:

I have not installed or started a service called "microLMS". I cannot find it (or info about it) in the registry or in any documentation available to me (locally, from HP, on the Intel site, or on Google). I have found that one version of this "microLMS" is placed in the extraction folder for the Intel SA Discovery Tool, and I have found another, much larger file online from Mesh Commander / Intel Mesh Central (MeshCentral.com). Both are called "Mesh Agent Service", one signed by "MasterRoot" and one signed "Intel". I guess the first of these is a Beta version Intel Mesh Central uses for the web UI, and the second one, extracted by the Discovery tool, is some "full version" of this small LMS service. The one Mesh Central / Mesh Commander uses is afaik (and according to Ylian @ intel / meshcentral) just a port forwarding tool for integration between AMT and Web UI / Meshes. What the smaller Intel-signed one is, I have no idea.

 

I probably also would not care what it is unless I knew I was patching a "this system is either owned by me or by someone else - forever" hole, and if I had not found versions of a microLMS dating back to 2015, signed by "MasterRoot" and with its signature listed as "not trusted" online, that is obviously some app made in relation to actually remotely controlling systems utilizing AMT, AND this little service (that I have not asked for or installed on purpose) looks like it is running on my system even after I have patched it... (It probably doesn't help that I don't know my system too well, it being new to me and all...)

 

Screenshots of the two "microLMS" exes properties:

scr001.png

scr002.png

scr003.png

 

And my question is:

Is there an actual service running on my computer called "microLMS"? Does the Discovery tool from Intel invoke it from its own directory upon start of the Tool for some kind of auditing purpose? Is it used to confirm port binding of some sort, and thus the last line in the result from the Discovery tool stating "microLMS service state: Running" does not mean a LMS service is actually running on my system without the Tool being run?

 

As I said, I cannot for the life of me find a service through the Windows GUI that remotely looks like it is called "Mesh agent service", Meshagent, microLMS, or anything containing those words. Nor have I installed anything other than drivers and updates to the fresh (as of 15 May 2017) Windows 7 64-bit Pro. If I have a service running, I would love to know where it originated from (how it even came to reside on my system), if I can disable it, but maybe more importantly if it is an actual indication of a running service that I may or may not want.

 

Sorry this post may be a bit long. I am trying to relay enough information for anyone to maybe understand me, and I am not very versed in many of the (to me) complex IT-systems-related terms I suddenly find I am kind of forced to understand in order to make my new (used of course) HP Elitebook 8770w actually be mine to administer 🙂

 

Any input on either question would be greatly appreciated.

 

Claus
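
One way to check the second question from an elevated PowerShell prompt: list anything registered as a Windows service, or currently running as a process, whose name or path matches the names mentioned in the post, together with its file path, its Authenticode signer and (for processes) its parent. This is an added example, not part of the original post and not an HP or Intel tool; the name patterns are taken from the post and the helper function names are hypothetical.

```powershell
# Added example. Name patterns come from the post; '*LMS*' also covers 'microLMS'.
$patterns = 'LMS', 'Mesh'

function Test-NameMatch([string[]]$Values) {
    foreach ($v in $Values) {
        foreach ($p in $patterns) {
            if ($v -and ($v -like "*$p*")) { return $true }
        }
    }
    return $false
}

# Win32_Service.PathName is a command line: pull out just the executable path.
function Get-ExePath([string]$CommandLine) {
    if ($CommandLine -match '^\s*"([^"]+)"')  { return $Matches[1] }
    if ($CommandLine -match '^\s*(.+?\.exe)') { return $Matches[1] }
    return $CommandLine
}

# Authenticode status and signer subject of a file on disk.
function Get-Signer([string]$Path) {
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return 'file not found' }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'unsigned' }
    return ('{0}: {1}' -f $sig.Status, $subject)
}

'--- Registered services (listed even when stopped) ---'
Get-WmiObject Win32_Service |
    Where-Object { Test-NameMatch $_.Name, $_.DisplayName, $_.PathName } |
    ForEach-Object {
        $exe = Get-ExePath $_.PathName
        New-Object PSObject -Property @{
            Name = $_.Name; State = $_.State; StartMode = $_.StartMode
            Path = $exe; Signer = (Get-Signer $exe)
        }
    } | Format-List Name, State, StartMode, Path, Signer

'--- Running processes and what started them ---'
$procs = Get-WmiObject Win32_Process
$procs | Where-Object { Test-NameMatch $_.Name, $_.ExecutablePath } | ForEach-Object {
    $parentId = $_.ParentProcessId
    $parent = $procs | Where-Object { $_.ProcessId -eq $parentId } | Select-Object -First 1
    New-Object PSObject -Property @{
        Name = $_.Name; ProcessId = $_.ProcessId; Path = $_.ExecutablePath
        Parent = $(if ($parent) { $parent.Name } else { 'exited' })
        Signer = (Get-Signer $_.ExecutablePath)
    }
} | Format-List Name, ProcessId, Parent, Path, Signer
```

Comparing a run with the Discovery Tool closed against a run with it open shows whether a match is present independently of the tool.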
