Does anyone have a process they are using to detect and remediate the INTEL-SA-00075 AMT vulnerability? I can't figure out how to label only the vulnerable machines on this one. Any help is greatly appreciated.

Answers

The best way to know is to use the Intel tool. I did a KACE script on my AMT machines. You can create a smart label for that.

The script consisted of:
  1. $(KACE_SYS_DIR)\cmd.exe with params /C del *.xml /q /f
  2. $(KACE_DEPENDENCY_DIR)\Intel-SA-00075-console.exe with params -n -c -f

I then copied all of the XML files to a central location and did some homebrew thing to parse them all together. I don't remember exactly. If I had to do it over again, I would probably use the PowerShell from here. The good news for you is that all of the BIOS should be updated now. So you should be able to update the BIOS to latest version and be good. Shouldn't have to worry about unprovisioning. I have some screenshots of my workflow on the comments over here.

I am actually working on getting AMT turned back on in my environment and it's a mess.
Answered 11/22/2017 by: five.
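
One way to do the "parse them all together" step from the answer above, as an added example that is not from the original post or from Intel: it reads every collected XML file and lists the machines that are not reported as clean. The element names `System_Risk`, `Computer_Name` and `ME_Version`, the risk strings, and the three sample files are assumptions constructed for illustration; check them against a real result file from your own scan and adjust the parameters.

```powershell
# Added example. ASSUMPTION: element names below match the discovery tool's XML;
# confirm against one real result file before relying on the output.
function Get-Sa00075Result {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$RiskElement    = 'System_Risk',
        [string]$NameElement    = 'Computer_Name',
        [string]$VersionElement = 'ME_Version'
    )
    foreach ($file in Get-ChildItem -Path $Path -Filter *.xml -File) {
        # Defaults keep a machine in the report even if its file is unusable.
        $name = $file.BaseName; $risk = 'Unreadable'; $ver = ''
        try {
            $doc = New-Object System.Xml.XmlDocument
            $doc.XmlResolver = $null   # files come from endpoints: no external entities
            $doc.Load($file.FullName)
            $n = $doc.SelectSingleNode("//*[local-name()='$NameElement']")
            if ($n -and $n.InnerText.Trim()) { $name = $n.InnerText.Trim() }
            $v = $doc.SelectSingleNode("//*[local-name()='$VersionElement']")
            if ($v) { $ver = $v.InnerText.Trim() }
            $r = $doc.SelectSingleNode("//*[local-name()='$RiskElement']")
            $risk = if ($r) { $r.InnerText.Trim() } else { 'NoRiskElement' }
        } catch {
            # Truncated or empty XML (scan interrupted, copy failed): stays 'Unreadable'.
        }
        [pscustomobject]@{ Computer = $name; Risk = $risk; MEVersion = $ver; File = $file.Name }
    }
}

# --- Constructed sample input (not real scan output) ---
$dir = Join-Path ([IO.Path]::GetTempPath()) 'sa00075-sample'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$t = '<System><Application_Information><Computer_Name>{0}</Computer_Name>' +
     '</Application_Information><ME_Firmware_Information><ME_Version>{1}</ME_Version>' +
     '</ME_Firmware_Information><System_Status><System_Risk>{2}</System_Risk>' +
     '</System_Status></System>'
Set-Content (Join-Path $dir 'PC-001.xml') ($t -f 'PC-001', '0.0.0.1', 'Vulnerable')
Set-Content (Join-Path $dir 'PC-002.xml') ($t -f 'PC-002', '0.0.0.2', 'Not Vulnerable')
Set-Content (Join-Path $dir 'PC-003.xml') '<System><System_Status>'   # truncated file

$results = Get-Sa00075Result -Path $dir

# Anything not explicitly clean needs follow-up, including unreadable results.
$results | Where-Object { $_.Risk -ne 'Not Vulnerable' } |
    Sort-Object Computer | Format-Table -AutoSize

# Full summary for import elsewhere (for example, to build a label from machine names).
$results | Export-Csv (Join-Path $dir 'sa00075-summary.csv') -NoTypeInformation
```

Point `-Path` at the central share where the XML files were copied; machines whose file is missing from the share will not appear at all, so compare the summary against inventory.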