What am I seeing?
The OpenSSL CVE-2014-0160 Heartbleed issue affects the Intel® Setup and Configuration Software (Intel® SCS) version 9.1 (version 184.108.40.206). Intel® SCS 9.0 and earlier versions are not affected.
What's the current solution?
Intel® SCS 220.127.116.11 (b) includes updates to the OpenSSL CVE-2014-0160 issue by updating the OpenSSL DLL to version 1.0.1.g, which is not affected.
What functionality of Intel® SCS 18.104.22.168 is affected?
The Intel SCS Remote Configuration Service (RCS) component of version 22.214.171.124 is the only component affected by this issue.
What should I do if I already deployed Intel® SCS 126.96.36.199?
If RCS from version 188.8.131.52 is not installed, no action is needed. Do not install RCS from version 184.108.40.206.
If RCS from version 220.127.116.11 is installed, you do not need to replace the OpenSSL DLL used by RCS to version 1.0.1.g. In order to mitigate the risk of exposed certificate keys and user data, Intel recommends that you revoke and reissue certificates and change passwords after the updates. The required steps are:
Step A. Get a copy of OpenSSL DLL files version 1.0.1.g.
Step B. To manually change the OpenSSL files:
- On the computer running the RCS, open the Services window and stop the RCS service (RCSService.exe).
- Browse to the service installation folder. The default location is: C:\Program Files (x86)\Intel\SCS9\Service
- Replace these two OpenSSL DLL files with the 1.0.1.g version:
- Open the Services window and start the RCS service again:
Step C. In order to mitigate the risk of exposed certificate keys and user data, Intel recommends that you:
- Replace the PKI certificate used for remote configuration using PKI.
- Run these maintenance tasks on all configured Intel® AMT systems:
- RenewADPassword (to change the password of the Active Directory object representing the Intel® AMT system)
- RenewAdminPassword (to change the password of the default Digest admin user in the Intel AMT device)
- ReissueCertificates (to reissue the certificates stored in the Intel AMT device)