Systems Management Question

AMT Vulnerability remediation

11/08/2017 1070 views
Does anyone have a process they are using to detect and remediate the INTEL-SA-00075 AMT vulnerability? I can't figure out how to label only the vulnerable machines on this one. Any help is greatly appreciated.
0 Comments   [ + ] Show comments


All Answers

The best way to know is to use the Intel tool. I did a Kace Script on my AMT machines. You can create a smart label for that.

The script consisted of:
  1. $(KACE_SYS_DIR)\cmd.exe with params /C del *.xml /q /f
  2. $(KACE_DEPENDENCY_DIR)\Intel-SA-00075-console.exe with params -n -c -f

I then copied all of the xml files to a central location and did some homebrew thing to parse them all together. I don't remember exactly. If I had to do it over again, I would probably use the powershell from here. The good news for you is that all of the bios should be updated now. So you should be able to update the bios to latest version and be good. Shouldn't have to worry about unprovisioning. I have some screenshots of my workflow on the comments over here.

I am actually working on getting AMT turned back on in my environment and it's a mess.
Answered 11/22/2017 by: five.
Second Degree Green Belt

This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ