Intel® Converged Security and Management Engine, Intel® Server Platform Services, Intel® Trusted Execution Engine, and Intel® Active Management Technology Advisory (Intel-SA-00185)

Documentation

Product Information & Documentation

000032800

03/12/2019

Can you give me a brief summary of Intel-SA-00185?

Multiple potential security vulnerabilities in Intel® Converged Security and Management Engine (Intel® CSME), Intel® Server Platform Services (Intel® SMS), Intel® Trusted Execution Engine (Intel® TXE), and Intel® Active Management Technology (Intel® AMT) may allow users to potentially:

  • Escalate privileges.
  • Disclose information.
  • Cause a denial of service.
Intel is releasing Intel® CSME, Intel® SMS, Intel® TXE, and Intel® AMT updates to mitigate these potential vulnerabilities.

On March 12, 2019, Intel released information for security advisory Intel-SA-00185 relating to the (Intel® CSME). This information was released as part of Intel's regular product update process.

Refer to the public security advisory for complete details on the CVEs and CVSS scores.

Affected Products/Technologies

Intel® CSME before version 11.8.60, 11.11.60, 11.22.60, or 12.0.20
Updated Intel® Converged Security and Management Engine (Intel® CSME) Firmware Version Replaces Intel® CSME Firmware Version
11.8.60 11.0 thru 11.8.55
11.11.60 11.10 thru 11.11.55
11.22.60 11.20 thru 11.22.0
12.0.20 12.0 thru 12.0.10
Intel® Server Platform Services before versions 4.00.04.383 and 4.01.02.174
Updated Intel® Server Platform Services Firmware Version Replaces Intel® Server Platform Services Version
SPS 4.00.04.383 SPS 4.00.04.367 thru SPS 4.00.04.382
SPS 4.01.02.174 SPS 4.01.00.152.0 thru SPS 4.01.02.173
Intel® Trusted Execution Engine before 3.1.60 or 4.0.10
Updated Intel® Trusted Execution Engine Firmware Version Replaces Intel® Trusted Execution Engine Firmware Version
3.1.60 3.0 thru 3.1.50
4.0.10 4.0 thru 4.0.5

Contact your system or motherboard manufacturer to obtain a firmware or BIOS update that addresses this vulnerability. Intel can't provide updates for systems or motherboards from other manufacturers.

Frequently Asked Questions

Click or the question for details:

What are the Vulnerability Descriptions, Common Vulnerabilities and Exposures (CVE) Numbers, and Common Vulnerability Scoring System (CVSS) information for the identified vulnerabilities associated with Intel Manageability Engine?
How can I view the Intel® Management Engine (Intel® ME)/Intel® CSME, Intel® Server Platform Services, or Intel® Trusted execution Engine firmware version on my system to determine if I'm impacted by this vulnerability? Option 1: Reboot your system and access the system BIOS. Intel® ME/Intel® CSME firmware information may be available in the BIOS information screens. Contact your system manufacturer for assistance.

Option 2: Download the Intel-SA-00125 Detection tool. Extract the tool and run the Intel-SA-00125-GUI.EXE program. Check the Intel ME Info section of the output for the Intel ME version number (example below).

ME Info section

I have a system or motherboard manufactured by Intel (Intel® NUC, Intel® Mini PC, Intel® Server, Intel® Desktop Board) that is showing as vulnerable. What do I do? Go to Intel® Support and navigate to the support page for your product. You'll be able to check for BIOS or firmware updates for your system.
I built my computer from components, I don't have a system manufacturer to contact. What do I do? Contact the manufacturer of the motherboard you purchased to build your system. They are responsible for distributing the correct BIOS or firmware update for the motherboard.

If you have additional questions on this issue, contact Intel Customer Support.