AMT Vulnerability remediation
Does anyone have a process they are using to detect and remediate the INTEL-SA-00075 AMT vulnerability? I can't figure out how to label only the vulnerable machines on this one. Any help is greatly appreciated.
0 Comments
[ + ] Show comments
Answers (1)
Please log in to answer
Posted by:
five.
6 years ago
The best way to know is to use the Intel tool. I did a Kace Script on my AMT machines. You can create a smart label for that.
The script consisted of:
I then copied all of the xml files to a central location and did some homebrew thing to parse them all together. I don't remember exactly. If I had to do it over again, I would probably use the powershell from here. The good news for you is that all of the bios should be updated now. So you should be able to update the bios to latest version and be good. Shouldn't have to worry about unprovisioning. I have some screenshots of my workflow on the comments over here.
I am actually working on getting AMT turned back on in my environment and it's a mess.
The script consisted of:
- $(KACE_SYS_DIR)\cmd.exe” with params “/C del *.xml /q /f
- $(KACE_DEPENDENCY_DIR)\Intel-SA-00075-console.exe” with params “-n -c -f
I then copied all of the xml files to a central location and did some homebrew thing to parse them all together. I don't remember exactly. If I had to do it over again, I would probably use the powershell from here. The good news for you is that all of the bios should be updated now. So you should be able to update the bios to latest version and be good. Shouldn't have to worry about unprovisioning. I have some screenshots of my workflow on the comments over here.
I am actually working on getting AMT turned back on in my environment and it's a mess.
