Intel Management Engine Security issue and how to fix

Post by Swarfendor437 » Sun Dec 10, 2017 11:42 pm

[UPDATED 13.12.2017]

Windows and GNU/Linux
First download the GNU/Linux detection tool to test if your processor is vulnerable from here:

[Scroll to the bottom of the page to see which hardware manufacturers have released a fix]

Download the .tar.gz file to your Downloads folder.
Extract all the files into this location - it should create a folder with the same name as the .tar.gz file, with all the necessary files within it.
The python file that sits outside the other folders will need checking that the permissions tab has the 'executable' element check marked (
There are two other items inside 'common' (spsInfoLinux64 and spsInfoLinux64_3) that also need to be checked for permissions as executables. (In Zorin 12 they are automatically marked as 'executable' in the permissions tab - I cannot vouch the same for Zorin 9.)

Open a Terminal and navigate to Downloads | SA00086_Linux and enter

python ./

Here were the results of a machine at work:

"vidmaker1@vspersamsung1:~/Downloads$ cd SA00086_Linux
vidmaker1@vspersamsung1:~/Downloads/SA00086_Linux$ sudo ./
[sudo] password for vidmaker1:
INTEL-SA-00086 Detection Tool
Copyright(C) 2017, Intel Corporation, All rights reserved

Application Version:
Scan date: 2017-12-11 09:56:51 GMT

*** Host Computer Information ***
Name: vspersamsung1
Model: R530/R730/R540
Processor Name: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
OS Version: Zorin 12 xenial (4.10.0-40-generic)

*** Risk Assessment ***
Detection Error: This system may be vulnerable,
either the Intel(R) MEI/TXEI driver is not installed
(available from your system manufacturer)
or the system manufacturer does not permit access
to the ME/TXE from the host driver.

For more information refer to the INTEL-SA-00086 Detection Tool Guide or the
Intel Security Advisory Intel-SA-00086 at the following link:

vidmaker1@vspersamsung1:~/Downloads/SA00086_Linux$" (End of Terminal Report)

Have visited the Samsung site in the UK and their interface is appalling - when you want to send an email to support it wants to direct you to FAQs!

Having built two PCs for family members using Asus Maximus VIII Ranger motherboards, I had to go to the Asus website to download the correct fix for Windows. I am not sure what the method is for GNU/Linux from Asus, but I am just sharing with you the information in respect of Windows. One PC had Windows 7 Pro and another Windows 8.1 Pro, and it would appear that the same fix works on both versions of Windows. Newer Asus motherboards (Z370 processors) have a BIOS item to update that will fix this.

Personally I prefer AMD processors. Any Intel Processor produced since 2008 is potentially vulnerable. Also after you have applied the fix, run the detection tool again - it should report your processor as patched.

Anyone with an Asus motherboard should go to their site, go to the Product Page | Support, then look for Drivers and download the ME Update Tool from that page.

Boards with Z170 and Z270 update via the downloaded fix from within Windows, but be sure to stop all running applications such as Spotify, Skype and any ancillary apps in the System Tray, then disconnect from the Internet, then close the antivirus program. Before extracting the ME update tool, check the download integrity against the md5 sum using the md5free tool from - you need to check the integrity of the zip file, NOT its contents!

Z370 boards from ASUS have an update tool from within the BIOS utility.

How to use winmd5 in my tutorial video here:

Please be advised that Asus uses md5 - other manufacturers may use SHA256 verification. For that look here:


Interesting article here: ... ble/306973
