Intel issues security alert for management firmware

Intel has released a security alert for their management engine interface that is likely to affect all 6th, 7th, and 8th generation of their Core i series CPUs.

The summary of the problem that is outlined on Intel's website;
Intel® Management Engine (Intel® ME 11.0.0-11.7.0), Intel® Trusted Execution Engine (Intel® TXE 3.0), and Intel® Server Platform Services (Intel® SPS 4.0) vulnerability (Intel-SA-00086)

In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of the following with the objective of enhancing firmware resilience:

• Intel® Management Engine (Intel® ME)
• Intel® Trusted Execution Engine (Intel® TXE)
• Intel® Server Platform Services (SPS)

Intel has identified security vulnerabilities that could potentially impact certain PCs, servers, and IoT platforms.

Systems using Intel ME Firmware versions 11.0.0 through 11.7.0, SPS Firmware version 4.0, and TXE version 3.0 are impacted. You may find these firmware versions on certain processors from the:

• 6th, 7th, and 8th generation Intel® Core™ Processor Family:
• Intel® Xeon® Processor E3-1200 v5 and v6 Product Family
• Intel® Xeon® Processor Scalable Family
• Intel® Xeon® Processor W Family
• Intel Atom® C3000 Processor Family
• Apollo Lake Intel Atom® Processor E3900 series
• Apollo Lake Intel® Pentium® Processors
• Intel® Celeron® N and J series Processors

Intel has released a  downloadable tool that will help you discover whether your hardware is affected or not. Technical details are also available on their website.

Within the zip file download is a GUI tool, running the tool will result in a pass or fail on the vulnerability for the system you run it on.

OEM hardware manufacturers will be required to release firmware patches to resolve this issue.

For all of our hardware customers; we will be maintaining a set of links on this page for your reference.  If you require any support on this issue then please contact our support team or your account manager through your usual channels. ​For our ongoing SCCM support contract customers, we have already started the update management process and will liaise with you directly on performing updates as they become available.

The most up-to-date source for manufacturer's update links is on Intel's website directly;
Intel Management Engine Critical Firmware Update (Intel SA-00086)

Update 30/11/2017:
Direct OEM links to their specific information;

• HP
• Lenovo
• Toshiba