To provide a more consistent, reliable firmware update experience and improve discoverability of important system firmware updates for end-users, Windows 8 supports a platform for installing system and device firmware updates via driver packages. Learn how the system firmware update feature of Windows 8 works.
- Originally I thought that firmware was installed onto the chip or board directly and lived there, which is why it has to be 'flashed', whilst you would install a driver on top of an operating system. Conclusion: Firmware allows the hardware to 'do' stuff, and drivers allow software to interact with the hardware.
- Surface Pro System Aggregator Firmware update (v3.9.750.0) adds support for Microsoft Surface Dock on Surface Pro 3. Microsoft Surface Pro 4 Type Cover drivers set update adds support for the Surface Pro 4 Type Cover on Surface Pro 3. Surface Type Cover Filter Device driver (v.1.1.360.0) Surface Fingerprint Sensor driver (v2.2.10.4).
Intel® Management Engine (Intel® ME 6.x/7.x/8.x/9.x/10.x/11.x), Intel® Trusted Execution Engine (Intel® TXE 3.0), and Intel® Server Platform Services (Intel® SPS 4.0) vulnerability (Intel-SA-00086)
Note | This article describes issues related to security vulnerabilities found in the Intel® Management Engine Firmware. This article doesn't contain information related to the processor side-channel vulnerability (known as Meltdown/Spectre). If you're looking for information on the Meltdown/Spectre issue, go to Side-Channel Analysis Facts and Intel® Products. |
In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of the following with the objective of enhancing firmware resilience:
- Intel® Management Engine (Intel® ME)
- Intel® Trusted Execution Engine (Intel® TXE)
- Intel® Server Platform Services (SPS)
Intel has identified security vulnerabilities that could potentially impact certain PCs, servers, and IoT platforms.
Systems using Intel ME Firmware versions 6.x-11.x, servers using SPS Firmware version 4.0, and systems using TXE version 3.0 are impacted. You may find these firmware versions on certain processors from the:
- 1st, 2nd, 3rd, 4th, 5th, 6th, 7th, and 8th generation Intel® Core™ Processor Families
- Intel® Xeon® Processor E3-1200 v5 and v6 Product Family
- Intel® Xeon® Processor Scalable Family
- Intel® Xeon® W Processor
- Intel Atom® C3000 Processor Family
- Apollo Lake Intel Atom® Processor E3900 series
- Apollo Lake Intel® Pentium® Processors
- Intel® Pentium® Processor G Series
- Intel® Celeron® G, N, and J series Processors
To determine if the identified vulnerabilities impact your system, download and run the Intel CSME Version Detection tool using the links below.
Frequently Asked Questions Section
Available resources
Frequently Asked Questions Section
Available resources
- Intel official security advisory:Technical details on the vulnerability
Resources for Microsoft and Linux* users
Resources from system/motherboard manufacturers
Note | Links for other system/motherboard manufacturers will be provided when available. If your manufacturer is not listed, contact them for information on the availability of the necessary software update. |
- Acer: Support Information
- ASRock: Support Information
- ASUS: Support Information
- Compulab: Support Information
- Dell Client: Support Information
- Dell Server: Support Information
- Fujitsu: Support Information
- Getac: Support Information
- GIGABYTE: Support Information
- HP Inc.: Support Information
- HPE Servers: Support Information
- Intel® NUC, Intel® Compute Stick, and Intel® Compute Card: Support Information
- Intel® Servers: Support Information
- Lenovo: Support Information
- Microsoft Surface*: Support Information
- MSI: Support Information
- NEC: Support Information
- Oracle: Support Information
- Panasonic: Support Information
- Quanta/QCT: Support Information
- Siemens: Support Information
- Supermicro: Support Information
- Toshiba: Support Information
- Vaio: Support Information
- Wiwynn: Support Information
Frequently asked questions:
Q: The Intel CSME Version Detection Tool reports that my system is vulnerable. What do I do?
A: Intel has provided system and motherboard manufacturers with the necessary firmware and software updates to resolve the vulnerabilities identified in Security Advisory Intel-SA-00086.
A: Intel has provided system and motherboard manufacturers with the necessary firmware and software updates to resolve the vulnerabilities identified in Security Advisory Intel-SA-00086.
Contact your system or motherboard manufacturer regarding their plans for making the updates available to end users.
Some manufacturers have provided Intel with a direct link for their customers to obtain additional information and available software updates (Refer to the list below).
Q: Why do I need to contact my system or motherboard manufacturer? Why can’t Intel provide the necessary update for my system?
A: Intel is unable to provide a generic update due to management engine firmware customizations performed by system and motherboard manufacturers.
A: Intel is unable to provide a generic update due to management engine firmware customizations performed by system and motherboard manufacturers.
Q: My system is reported as may be Vulnerable by the Intel CSME Version Detection Tool. What do I do?
A: A status of may be Vulnerable is usually seen when either of the following drivers aren't installed:
A: A status of may be Vulnerable is usually seen when either of the following drivers aren't installed:
- Intel® Management Engine Interface (Intel® MEI) driver
- Intel® Trusted Execution Engine Interface (Intel® TXEI) driver
Contact your system or motherboard manufacturer to obtain the correct drivers for your system.
Windows 10 Firmware Update
Q: My system or motherboard manufacturer is not shown in your list. What do I do?
A: The list below shows links from system or motherboard manufacturers who have provided Intel with information. If your manufacturer is not shown, contact them using their standard support mechanisms (website, phone, email, and so on) for assistance.
A: The list below shows links from system or motherboard manufacturers who have provided Intel with information. If your manufacturer is not shown, contact them using their standard support mechanisms (website, phone, email, and so on) for assistance.
Q: What types of access would an attacker need to exploit the identified vulnerabilities?
A: If the equipment manufacturer enables Intel-recommended Flash Descriptor write protections, an attacker needs physical access to platform’s firmware flash to exploit vulnerabilities identified in:
A: If the equipment manufacturer enables Intel-recommended Flash Descriptor write protections, an attacker needs physical access to platform’s firmware flash to exploit vulnerabilities identified in:
- CVE-2017-5705
- CVE-2017-5706
- CVE-2017-5707
- CVE-2017-5708
- CVE-2017-5709
- CVE-2017-5710
- CVE-2017-5711
The attacker gains physical access by manually updating the platform with a malicious firmware image through flash programmer physically connected to the platform’s flash memory. Flash Descriptor write-protection is a platform setting usually set at the end of manufacturing. Flash Descriptor write-protection protects settings on the Flash from being maliciously or unintentionally changed after manufacturing is completed.
If the equipment manufacturer doesn't enable Intel-recommended Flash Descriptor write protections, an attacker needs Operating kernel access (logical access, Operating System Ring 0). The attacker needs this access to exploit the identified vulnerabilities by applying a malicious firmware image to the platform through a malicious platform driver.
The vulnerability identified in CVE-2017-5712 is exploitable remotely over the network in conjunction with a valid administrative Intel® Management Engine credential. The vulnerability is not exploitable if a valid administrative credential is unavailable.
If you need further assistance, contact Intel Customer Support to submit an online service request.
Hp System Firmware Driver
Scan performed on 4/25/2017, Computer: SAMSUN 200B4Z/S01TH - Windows 7 64 bit
Outdated or Corrupted drivers:8/19
Firmware Driver Download
Device/Driver | Status | Status Description | Updated By Scanner |
Motherboards | |||
Intel(R) E7525/E7520/E7320 PCI Express Root Port A1 - 3596 | Outdated | ||
Mice And Touchpads | |||
Synaptics Synaptics PS/2 Port Pointing Device | Up To Date and Functioning | ||
Microsoft Microsoft Comfort Mouse 3000 (Mouse and Keyboard Center) | Up To Date and Functioning | ||
Usb Devices | |||
Samsung SAMSUNG Mobile Mode Changer | Up To Date and Functioning | ||
Sound Cards And Media Devices | |||
VIA VIA High Definition Audio | Outdated | ||
Realtek ATI HDMI Audio | Up To Date and Functioning | ||
ViXS ViXS PureTV-U ISDB-T Tuner | Up To Date and Functioning | ||
Network Cards | |||
Intel(R) Centrino(R) Wireless-N 6150 | Corrupted By System Firmware 1.0.8 | ||
Keyboards | |||
Microsoft HID Keyboard | Up To Date and Functioning | ||
Hard Disk Controller | |||
NVIDIA NVIDIA NForce MCP2 IDE Controller | Corrupted By System Firmware 1.0.8 | ||
Others | |||
Microsoft Xbox 360 Controller for Windows | Outdated | ||
Intel Port racine express PCI Intel(R) 82801FB/FBM PCI -2662 | Outdated | ||
Validity Sensors Validity Sensors (WBF) (PID=0018) | Up To Date and Functioning | ||
Cameras, Webcams And Scanners | |||
Canon Canon MP560 ser | Up To Date and Functioning | ||
Video Cards | |||
VIA/S3G VIA/S3G UniChrome Pro IGP | Up To Date and Functioning | ||
Input Devices | |||
Logitech USB Input Device (Logitech Download Assistant) | Corrupted By System Firmware 1.0.8 | ||
Port Devices | |||
Mobile Connector Device Diagnostic Interface (COM11) | Up To Date and Functioning | ||
Monitors | |||
Sony Digital Flat Panel (1024x768) | Corrupted By System Firmware 1.0.8 | ||
Mobile Phones And Portable Devices | |||
Acer NOKIA | Up To Date and Functioning |