Intel® Platform Trust Technology (Intel® PTT) Vulnerability in Systems Using Intel® CSME and Intel® TXE (Intel-SA-00142)

Documentation

Product Information & Documentation

000030081

09/12/2018

In an effort to continuously improve the robustness of the Intel® Platform Trust Technology (Intel® PTT), Intel has performed a security review of its Intel® PTT. As a result, Intel has identified a potential vulnerability in the Intel® PTT module that may allow information disclosure of certain Intel PTT data via physical access.

Firmware updates have been provided to system manufacturers that resolve the issue. Intel recommends that you check with your system manufacturers to determine the availability of their firmware update. Then apply available updates in a timely manner.

Affected Products

Intel® Converged Security and Management Engine (Intel® CSME)
Updated Intel® CSME Firmware version Replaces Intel® CSME Firmware version
12.0.6 12.0 through 12.0.5
Intel® Trusted Execution Engine (Intel® TXE)
Updated Intel TXE Firmware version Replaces Intel TXE Firmware version
3.1.55 3.0 through 3.1.50
4.0.5 4.0.0

Frequently Asked Questions

Click or the question for details:

What are the Vulnerability Descriptions, Common Vulnerabilities and Exposures (CVE) Number, and Common Vulnerability Scoring System (CVSS) information for the identified vulnerabilities associated with Intel CSME?
  • See the Security Advisory SA-00142 for full information on the CVEs associated with this announcement.
How can I view the ME/CSME version to determine if I'm impacted by this vulnerability?
  • Option 1: Restart your system and access the system BIOS. ME/CSME firmware information may be available in the BIOS information screens. Contact your system manufacturer for assistance.
  • Option 2: Download the Intel SA-00125 Detection tool.

    From Download Center. Extract the tool and run the Intel-SA-00125-GUI.EXE program.

    Check the ME Info section of the output for the ME version number (example below).

    Intel(R) ME Information
    Engine: Intel(R) Management Engine
    Version: 11.6.29.3287
    SVN: 1

I have a system or motherboard manufactured by Intel (Intel® NUC, Intel® Mini PC, Intel® Server, Intel® Desktop Board) that is showing as vulnerable. What do I do?
  • Go to the Support homepage and Choose your product. There you'll be able to check for BIOS or firmware updates for your system.
I built my computer from components; I don't have a system manufacturer to contact. What do I do?
  • Contact the manufacturer of the motherboard you purchased to build your system. They're responsible for distributing the correct BIOS or firmware update for the motherboard.