• Intel Management Engine vulnerability: Microsoft it doesn’t affect Surface

    Home » Forums » Newsletter and Homepage topics » Intel Management Engine vulnerability: Microsoft it doesn’t affect Surface


    You may have heard about the Intel Management Engine security bugs. A spate of research, publicized in the past few weeks, has left a lot of people wo
    [See the full post at: Intel Management Engine vulnerability: Microsoft it doesn’t affect Surface]

    Viewing 5 reply threads
    • #151533

      I think the main reason M$-Surface devices are not affected by the Intel ME/AMT/vPro bug is because they are mostly Wifi-only devices, ie they do not have Wired Ethernet network adapter cards. …

    • #151536

      Quick, Somebody test the Surface despite Microsoft’s claim.

    • #151561

      So of course the critical questions for me are:

      1. Do I have the Intel Management Engine on my computer?

      2. Do I need the Intel Management Engine on my computer?

      3. What are the consequences of removing the Intel Management Engine from my computer?

      and 4. How do I remove the Intel Management Engine from my computer?

      Thank you.

      • #151569

        Go to the computer manufacturer’s website and and find the specs for your PC. then go to the Intel website – they have an app you can download to see if you are vulnerable.

        There is more information on this here.

        3 users thanked author for this post.
        • #151621

          This is the report from the Intel tool (SA-00086)

          Tool Started 12/12/2017 4:12:31 PM
          Name: DESKTOP-PDS3L34
          Manufacturer: LENOVO
          Model: 80R3
          Processor Name: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHzOS
          Version: Microsoft Windows 10 Home
          Status: This system is vulnerable.
          Tool Stopped

          I then went to the Lenovo site and tried to find my model. Near as I can tell Lenovo agrees that my system is vulnerable, but has no remedy as of today.


          I repeat, do I even need this malware, er sorry, management software on my computer?


          • #151722

            Actually the ME is built into your hardware and there is no way to remove it.

            Windows 10 Pro 22H2

          • #153624

            The IME mentioned here is part of the BIOS or UEFI Firmware, which cannot be removed. Instead, go to the Intel site (for Intel builds) or the device manufacturer’s website, and download the latest BIOS Update or update for the UEFI Firmware. This worked on my Intel NUC (after two attempts, using different BIOS update methods). On my Intel tablet, it’s an ATOM processor, which is not vulnerable.

            It may take up to a couple of weeks for all major manufacturers to provide firmware updates, so be patient if your efforts to find an update now fail. Chances are very slim that you will get hacked in the interim.

            The actual firmware update is usually pretty fast and painless.

            -- rc primak

    • #151567

      Risk Assessment
      Based on the analysis performed by this tool, this system is not vulnerable; the ME SKU is not affected.


      If Vulnerable, contact your OEM for support and remediation of this system.
      For more information, refer to CVE-2017-5689 in the following link: CVE-2017-5689
      or the Intel security advisory Intel-SA-00075 in the following link: INTEL-SA-00075
      INTEL-SA-00075 Detection Tool
      Application Version:
      Scan date: 2017-12-12 20:50:45
      Host Computer Information
      Name: SF-HAXOR
      Manufacturer: Microsoft Corporation
      Model: Surface Pro 4
      Processor Name: Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz
      Windows Version: Microsoft Windows 10 Enterprise
      ME Information
      SKU: Consumer
      Provisioning Mode: Not Provisioned
      Control Mode: None
      Is CCM Disabled: True
      Driver installation found: True
      EHBC Enabled: False
      LMS service state: NotPresent
      microLMS service state: NotPresent
      Is SPS: False

      Edit to remove HTML.
      Please convert to plain text before copy/paste

    • #151590

      I had an issue with Windows 10 not updating a feature update 1709. Its an old laptop. As a second device, it does the job. I can live without replacing it until it passes my use-by date.

      Windows update reports the Intel Atom in my device is not supported. Fair enough. What’s not ‘fair enough’ is that Windows 10 kept trying to load the update then reporting after both download and installation the reason for the problem. Its a big update. It chewed a lot of bandwidth and CPU cycles failing nine times before I discovered the problem and hid the update last month… and again this month (two fails)! The obvious (and rhetorical) question is why does Windows check compatibility after download and attempt to install. The other  question would be why did the update unhide this month (rhetorical – I don’t expect an answer here).

      To the point (which is a tenuous link to the thread, I know). The error message delivered about the lack of compatibility includes a link ‘for further information’. The link leads to a Microsoft advertisement for Surface. They have no shame!

      Group A (but Telemetry disabled Tasks and Registry)
      1) Dell Inspiron with Win 11 64 Home permanently in dock due to "sorry spares no longer made".
      2) Dell Inspiron with Win 11 64 Home (substantial discount with Pro version available only at full price)

      • #151645

        If you are using Window 10 version 1703, there has been introduced a flaw that ignores feature update settings and hidden updates. This may also why you are getting forced updates on an Atom based system. The other one reason I can think of is Microsoft was supposed to have created an Atom CPU block list, Windows 10 may also be ignoring that list.

    • #151789


      Once again it pays off to be old and in the left-behind, “pre-generation” generation! 😀

      Running a Core i7-930 on a X58 chipset… which btw. is so fast and powerful, that I’ve never bothered to even think of updating it.

      Doubt it has ever run any hotter than ~38 degrees… even Silent Hunter 4’s 3D-mode can’t make it sweat… those, who know that game, knows.

      Hmmm… Surface Pro? Never gonna happen here… in a phase slowly backing away from anything Microsoft related.

      2 users thanked author for this post.
      • #153628

        Well, in more modern Intel PCs it’s not like the firmware update is difficult or likely to cause hardware issues.

        -- rc primak

    Viewing 5 reply threads
    Reply To: Intel Management Engine vulnerability: Microsoft it doesn’t affect Surface

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: