Hello all, hope this is the correct place for my SA-00075-related questions.
I got my new used laptop (HP Elitebook 8770w) on the 15th of May. Installed a clean Win7 64-bit, and went on to load and update drivers. Found several on SoftPaq that made me look closely at anything related to SA-00075, because it is a vPro system.
I have run several of the recommended Intel diagnostics tools trying to determine whether my system is now safe and secure (preferably safe enough for me to start using ME / AMT), and the one that both confuses me the most and at the same time looks to give the most (useful) information is the "INTEL SA-00075 DiscoveryTool", which outputs this information:
Based on the version of the ME, the System is Check With OEM.
If Vulnerable, contact your OEM for support and remediation of this system.
For more information, refer to CVE-2017-5689 in the following link: CVE-2017-5689
or the Intel security advisory Intel-SA-00075 in the following link: INTEL-SA-00075
INTEL-SA-00075 Discovery Tool GUI Version
Application Version: 18.104.22.168
Scan date: 20.05.2017 13:44:05
Host Computer Information
Model: HP EliteBook 8770w
Processor Name: Intel(R) Core(TM) i7-3720QM CPU @ 2.60GHz
Windows Version: Microsoft Windows 7 Professional
Provisioning Mode: None Detected
Control Mode: None
Is CCM Disabled: Unknown
Driver installation found: False
EHBC Enabled: False
LMS service state: NotPresent
microLMS service state: Running
I gather the status "Check with OEM" means Intel can't confirm HP's patch for ME is fixing the 00075. Neither does HP supply me with a probing tool that lets me know 00075 is fixed after the patch, right? (After applying the patch, there is no confirmation message. The exe just ends and closes. The only indication it is applied is that SoftPaq lists it in "No action needed".) Would anyone share their take on whether I can assume "Check with OEM" means I'm OK as long as I patched according to HP guidelines and through SoftPaq?
Second, and more important (to me anyway) question:
I have not installed or started a service called "microLMS". I cannot find it (or info about it) in the registry or in any documentation available to me (locally, from HP, on the Intel site, or on Google). I have found that one version of this "microLMS" is placed in the extraction folder for the Intel SA Discovery Tool, and I have found another, much larger file online from Mesh Commander / Intel Mesh Central (MeshCentral.com). Both are called "Mesh Agent Service", one signed by "MasterRoot" and one signed "Intel". I guess the first of these is a beta version Intel Mesh Central uses for the web UI, and the second one extracted by the Discovery Tool is some "full version" of this small LMS service. The one Mesh Central / Mesh Commander uses is, afaik (and according to Ylian @ Intel / MeshCentral), just a port forwarding tool for integration between AMT and Web UI / Meshes. What the Intel-signed smaller one is, I have no idea.
I probably also would not care what it is unless I knew I was patching a "this system is either owned by me or by someone else - forever" hole, and if I had not found versions of a microLMS dating back to 2015 signed by "MasterRoot" and that has its signature listed as "not trusted" online, that is obviously some app made in relation to actually remotely controlling systems utilizing AMT, AND this little service (that I have not asked for or installed on purpose) looks like it is running on my system even after I have patched it... (It probably doesn't help that I don't know my system too well, it being new to me and all...)
Screenshots of the two "microLMS" exes' properties:
And my question is:
Is there an actual service running on my computer called "microLMS"? Does the Discovery Tool from Intel invoke it from its own directory upon start of the tool for some kind of auditing purpose? Is it used to confirm port binding of some sort, and thus the last line in the result from the Discovery Tool stating "microLMS service state: Running" does not mean an LMS service is actually running on my system without the tool being run?
As I said, I cannot for the life of me find a service through the Windows GUI that remotely looks like it is called "Mesh agent service", Meshagent, microLMS, or anything containing those words. Nor have I installed anything other than drivers and updates to the fresh (as of 15 May 2017) Windows 7 64-bit Pro. If I have a service running, I would love to know where it originated from (how it even came to reside on my system), if I can disable it, but maybe more importantly whether it is an actual indication of a running service that I may or may not want.
Sorry this post may be a bit long. I am trying to relay enough information for anyone to maybe understand me, and I am not very versed in many of the (to me) complex IT-systems-related terms I suddenly find I am kind of forced to understand in order to make my new (used of course) HP Elitebook 8770w actually be mine to administer 🙂
Any input on either question would be greatly appreciated.