New: Intel-SA-00086 Discovery Tool 1.0.0.152 for the November 2017 ME Vulnerability

Intel-SA-00086 Discovery Tool 1.0.0.152 for the November 2017 ME Vulnerability
Determine whether a system is vulnerable to the exploits documented in Intel Security Advisory INTEL-SA-00086

This package includes a WSUS deployable CAB file, complete with deployment and reporting rules.

  • Check hardware compatibility
    • Abort with one of the following exit codes, if the discovery tool is not applicable to the system:
      • 110 – Not applicable to virtual machines
      • 111 – Not applicable to non-Intel processors
  • Abort the installation if the Discovery Tool is running
  • Run the Discovery Tool and log the results
  • Set the exit code based on the assessment:
    • 320 – Not vulnerable
    • 321 – HECI is not installed (Are we missing Intel ME/TXE drivers?)
    • 322 – HECI error
    • 323 – Vulnerable, has not been patched
    • 324 – Not vulnerable, has been patched
    • 325 – Unable to determine vulnerability
    • 326 – Failed to get the assessment results
  • For simplified reporting, write the exit code to:
    • 64-bit systems: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MassDeploy\History\Intel-SA-00086 Discovery Tool 1.0.0.152 for the November 2017 ME Vulnerability | Last Exit Code
    • 32-bit systems: HKEY_LOCAL_MACHINE\SOFTWARE\MassDeploy\History\Intel-SA-00086 Discovery Tool 1.0.0.152 for the November 2017 ME Vulnerability | Last Exit Code
  • Display the results, but only when run in interactive mode

Command line arguments
<none> - Minimally interactive install
/u - Unattended install
/s - Silent install
Exit codes
110 - Not applicable to virtual machines
111 - Not applicable to non-Intel processors
320 - Not vulnerable
321 - HECI is not installed (Are we missing Intel ME/TXE drivers?)
322 - HECI error
323 - Vulnerable, has not been patched
324 - Not vulnerable, has been patched
325 - Unable to determine vulnerability
326 - Failed to get the assessment results
Common exit codes