
Detecting the INTEL-SA-00086 Vulnerability using PDQ Products

Colby Bouma

Intel has released the INTEL-SA-00086 Detection Tool so you can identify which computers are vulnerable to the recently found Intel® Management Engine (ME) security vulnerabilities. For those that have been living under a rock, a number of vulnerabilities have been discovered in Intel chips, yes, physical chips.

Here’s how you can use PDQ Deploy and Inventory to run Intel’s tool and report on its findings.

Eleven Easy Steps

1. Download and unzip the Collections, Reports, and Scan Profile I’ve created for you.

2. In PDQ Inventory, with Reports selected in the tree, import all three files. (File > Import or Ctrl+I).

3. PDQ Inventory will now include a Reports folder with three reports, four collections, and a scan profile, all with titles starting with ‘Intel SA-00086’.

4. Download the INTEL-SA-00086 Detection Tool.

5. Extract the Detection Tool into your PDQ Deploy Repository. The package looks for this by default: $(Repository)\Intel\SA00086_Windows\DiscoveryTool\Intel-SA-00086-console.exe

6. Download and unzip the package I’ve created for you.

7. Import the package into PDQ Deploy. (File > Import or Ctrl+I).

8. Open the Package Properties and go to the Options tab. Set to Scan After Deploy using the Scan Profile named Intel SA-00086.

9. Save and close.

10. Deploy the Package, choosing the ‘Intel SA-00086 – Not Scanned’ collection from PDQ Inventory as your target.

11. Return to PDQ Inventory and check the Collections and/or Reports for vulnerable computers once the deployment and scans finish.

NOTES: I recommend only running this against physical machines vs. virtual machines. Additionally, if you are running a version of PDQ Deploy other than 15.3, you should remove 100 from your Success Code list so the Package will fail on vulnerable computers.

If you do not have PDQ Inventory, you can still use the PDQ Deploy package. You will need to edit the package and remove ‘100’ from the Success Codes listed in ‘Step 2 – Run the detection tool’. Deploy to all computers.

INTEL-SA-00086 Return Codes

Here is a breakdown of the Return Codes as specified by section 2.11 of INTEL-SA-00086_Detection_UG.pdf in the detection tool files.

Number  Status                            Meaning
0       NOTVULNERABLE | STATUS_OK         Platform is not vulnerable
10      HECI NOT INSTALLED
11      HECI_ERROR
100     DISCOVERY_VULNERABLE_NOT_PATCHED  Platform is vulnerable
101     DISCOVERY_NOT_VULNERABLE_PATCHED  Platform is not vulnerable, it has been patched
200     DISCOVERY_UNKNOWN                 Unable to determine platform vulnerability
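
The following is an added example, not part of the original post or the PDQ package. It triages per-host return codes using the table above and shows how keeping 100 in the Success Codes list lets a vulnerable machine appear as a successful deployment. The host names, the code 7, and the two success-code lists are constructed assumptions; only the presence of 100 in the list comes from the notes above.

```python
# Return codes copied from the table above: code -> (status, verdict).
# The "verdict" grouping is this example's own, not Intel's or PDQ's.
RETURN_CODES = {
    0:   ("NOTVULNERABLE | STATUS_OK", "not_vulnerable"),
    10:  ("HECI NOT INSTALLED", "inconclusive"),
    11:  ("HECI_ERROR", "inconclusive"),
    100: ("DISCOVERY_VULNERABLE_NOT_PATCHED", "vulnerable"),
    101: ("DISCOVERY_NOT_VULNERABLE_PATCHED", "not_vulnerable"),
    200: ("DISCOVERY_UNKNOWN", "inconclusive"),
}

def classify(code):
    """Map a return code to (status, verdict); unlisted codes are inconclusive."""
    return RETURN_CODES.get(code, (f"UNLISTED_CODE_{code}", "inconclusive"))

def triage(results, success_codes):
    """results: {host: return_code}. A deployment counts as successful
    when its return code is in success_codes."""
    report = {"vulnerable": [], "not_vulnerable": [], "inconclusive": [],
              "deploy_failed": [], "vulnerable_but_successful": []}
    for host, code in sorted(results.items()):
        _, verdict = classify(code)
        report[verdict].append(host)
        if code not in success_codes:
            report["deploy_failed"].append(host)
        elif verdict == "vulnerable":
            # The case the notes warn about: 100 treated as success.
            report["vulnerable_but_successful"].append(host)
    return report

# Constructed sample data (hypothetical hosts and success-code lists).
SAMPLE = {"WS-001": 0, "WS-002": 100, "WS-003": 101,
          "WS-004": 10, "WS-005": 200, "WS-006": 7}
WITH_100 = {0, 100, 101}      # 100 left in the Success Codes list
WITHOUT_100 = {0, 101}        # 100 removed, as the notes recommend

if __name__ == "__main__":
    for label, codes in (("with 100", WITH_100), ("without 100", WITHOUT_100)):
        r = triage(SAMPLE, codes)
        print(label, "-> failed:", r["deploy_failed"],
              "| hidden vulnerable:", r["vulnerable_but_successful"])
    print("needs follow-up:", triage(SAMPLE, WITHOUT_100)["inconclusive"])
```

Hosts in the inconclusive group (codes 10, 11, 200, or anything unlisted) have not been cleared and should be rescanned rather than counted as safe.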

Please be aware that although this solution worked in our environment, it is being presented to you, as is. We are unable to guarantee it will work in your environment.
