Intel MEI Do I need it?

SIW2 said:

I posted the link for info. and because it includes a link to a program that checks for vulnerabilties.

The link indicates there were previously vulnerabilities, so it is not impossible ther may be others in future.

It is curious there is no real information about what it is for, just obfuscatory verbiage.

As far as I can make out, you have no choice about the firmware. You have it whether you want it or not (possible exceptions being purism )

However, as far as I can tell, the software is for some kind of remote management . I dont know why a normal consumer would need or want such a thing.

Click to expand...

This: Intel® Converged Security and Management Engine Version Detection Tool (Intel® CSMEVDT) - will show you if the system is vulnerable.

You also have a public list with said vulnerabilities - and it's quite clear and detailed:


For example:

Summary:​

Potential security vulnerabilities in the Intel® NUC Software Studio Service software may allow escalation of privilege, denial of service or information disclosure. Intel is not releasing updates to mitigate these potential vulnerabilities and has issued a product discontinuation notice for Intel® NUC Software Studio Service software.

Vulnerability Details:​

CVEID: CVE-2024-23197

Description: Improper access control in the Intel® NUC Software Studio Service software for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score 3.1: 7.5 High

CVSS Vector 3.1: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

CVSS Base Score 4.0: 5.4 Medium

CVSS Vector 4.0: CVSS:4.0/AV:L/AC:H/AT/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N



CVEID: CVE-2024-34159

Description: Out of bounds write in the Intel® NUC Software Studio Service software for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score 3.1: 7.8 High

CVSS Vector 3.1: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS Base Score 4.0: 7.3 High

CVSS Vector 4.0: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N



CVEID: CVE-2024-23498

Description: Improper access control in the Intel® NUC Software Studio Service software for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score 3.1: 8.8 High

CVSS Vector 3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS Base Score 4.0: 8.5 High

CVSS Vector 4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N



CVEID: CVE-2024-36483

Description: Improper buffer restrictions in the Intel® NUC Software Studio Service software for Windows may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score 3.1: 5.5 Medium

CVSS Vector 3.1: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS Base Score 4.0: 5.7 Medium

CVSS Vector 4.0: CVSS:4.0/AV:L/AC:L/AT/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N



CVEID: CVE-2024-36297

Description: Improper initialization in the Intel® NUC Software Studio Service software for Windows may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score 3.1: 4.7 Medium

CVSS Vector 3.1: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS Base Score 4.0: 5.7 Medium

CVSS Vector 4.0: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products:​

Intel® NUC Software Studio Service software, all versions.

Intel® NUC M15 Laptop Kits: LAPBC510, LAPBC710.

Intel® NUC P14E Laptop Element: CMCN1CC.

Recommendation:​

Intel has issued a product discontinuation notice for Intel® NUC Software Studio Service software. As of March 30, 2024, the Intel® NUC Software Studio Service software is not supported with any additional functional, security, or other updates. Intel recommends that users of the Intel® NUC Software Studio Service software uninstall it or discontinue use as soon as possible.



Product support for many NUC products has moved to ASUS. Technical and Warranty Support for Intel’s NUC 7 through NUC 13 Systems has transitioned to ASUS as of January 16, 2024. See the NUC Customer Support notice for more information.

Acknowledgements:​

Intel would like to thank Aobo Wang of Chaitin Security Research Lab (CVE-2024-23197, CVE-2024-34159, CVE-2024-36297, CVE-2024-36483) and @sim0nsecurity (CVE-2024-23498) for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Scannerman said:

Right clicking on the bang (yellow triangle) can sometimes open a window that will have tabs that can help you better identify what it's for. It does appear to be for a card reader. Hopefully you'll find a driver that works with it. Sometimes this can be solved if you have the manufacturer driver disk (or media) and then upgrade the driver. There is also software you can use to search it out, but sometimes you won't get the right driver with third party software and will have to uninstall it.

Click to expand...

Did that which is how I found the PCI/Ven that said it is the Realtek card and got the driver for that from the manufacturer website. But maybe the driver is too old - or the sd card slot not working or something - will need to check that. I don't really need it.

It's mainly the IMEI driver I'm wondering about.

Hazel123 said:

Did that which is how I found the PCI/Ven that said it is the Realtek card and got the driver for that from the manufacturer website. But maybe the driver is too old - or the sd card slot not working or something - will need to check that. I don't really need it.

It's mainly the IMEI driver I'm wondering about.

Click to expand...

I'm lazy but I have a soft spot for gen 4 processor chips. I'd just download IObit's Driver Booster, run the free version, get my driver(s), install them, and uninstall the freeware afterward. It's faster than hunting for drivers all over the net that you don't even know are safe or not. Driver Booster 12 Free: Official Free Driver Updater Tool for Windows 2024

Thanks for the tip. It's only the one driver really I like to know what I'm doing. I'm just curious about this one

Hazel123 said:

Had a look under system devices and it's not there. This is where it appears (attached screenshot). The one above it originally had a warning triangle - that was the card reader driver, which I installed, but that doesn't seem quite right either. It doesn't display as the Realtek card reader once the driver is installed - just a question mark.

The PCI/VEN says it's the Intel MEI. Also attached the driver on the HP web page for it - under Chipset Drivers.

I'm not quite clear on the vulnerability aspect - are you saying it's vulnerable with it or without it? Or both?!

I think when I was using this laptop on windows 11 a few years back I just ignored both of those triangles. Seemed to be ok.

View attachment 122764

View attachment 122765

View attachment 122763

Click to expand...

Normally, as a "Home User" - you wouldn't need it. But some OEMs tie important functions to a component from the IME suite. So hey, if "all" is working as intended - maybe that's not case with you and you don't need it. If forcefully installed - you just have to disable Intel Management Engine Interface from System Devices - and all it's Windows components will be disabled. If installed, it's recommended to use this tool from intel to check for vulnerabilities: Intel® Converged Security and Management Engine Version Detection Tool (Intel® CSMEVDT) And if there's no firmware - which covers the given vulnerabilities - you'll have to contacted the OEM and ask for a firmware update - by mentioned the model and giving them that link. Been doing this for years (some systems are 5 years old - and the OEM stopped caring).

Thanks. Yes it's for home use. I take it as it's not recognised without the driver, there is no option to disable it! Therefore it's already disabled - is that right? I am tempted to just ignore it possibly.

"The laptop was originally on Windows 8.1 so presumably it's quite an old driver."

On my old 2014 Laptop originally on Windows 8.1 the Intel MEI driver came from Windows updates in 2017, Now on Windows 10, from 2016.
Additionally two more updates in 2020 and 2021 in Windows update history, though the nominal version is the same.

"I’m wondering why Windows didn’t install it."

Windows does, at least it does if you keep the original install.

I have never messed directly with Intel, nor any other dubious "updating app", because it is a Laptop which has OEM hardware.

This: Intel® Converged Security and Management Engine Version Detection Tool (Intel® CSMEVDT) - will show you if the system is vulnerable.

Click to expand...

I know. It was in the original link I posted.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Click to expand...

Nobody is disputing that.

What is not clear is what is it for and does an average user need or want the firmware ( though they dont seem to have a choice there )

and why would the average user want or need the software.

Try this and see what it says:


Just to see if it's recognized and it'll give you some info.
You don't have to install if you think it's wrong.

Hazel123 said:

Thanks. Yes it's for home use. I take it as it's not recognised without the driver, there is no option to disable it! Therefore it's already disabled - is that right? I am tempted to just ignore it possibly.

Click to expand...

Functionality wise, yes - that component won't work in Windows. It becomes an annoyance for Windows - like any other error. I prefer to have install and disable it (if not needed) - just a personal preference (cleaner this way).

@glasskuter

I didn't introduce the topic of Intel Firmware into this thread about Intel MEI drivers, another poster did. I just pointed out that it is very old news.

I would right-click on it in Device Manager and uninstall it, also uninstalling the driver software if that option is offered and then click on Action.. Scan for Hardware changes. Windows should find and install the correct driver.

I put Windows 10 back on it temporarily (bios update wouldn't work in 11). The same two devices had warning triangles. It seems the Intel MEI driver was downloaded but is under "optional drivers". So clearly Windows thinks I didn't need it. Is there an optional drivers in Windows 11 as well?

Restored the Windows 11 image and looked in optional drivers and installed the Intel MEI one. No warning triangles now and the IMEI is now listed under system devices as mentioned above. I checked what driver it was an it was a different one to that on the HP drivers page but it was still from 2015. However I wonder if I actually needed it as Windows classed it as an optional driver for if you have any issues.

I have now done as neves suggested and disabled the device. It was from the era of the potential vulnerabilities.

Edit: This doesn't make good reading!

"It is normally not possible for the end-user to disable the ME and there is no officially supported method to disable it, but some undocumented methods to do so were discovered.<a href="Intel Management Engine - Wikipedia"><span>[</span>41<span>]</span></a> The ME's security architecture is designed to prevent disabling. Intel considers disabling the ME to be a security vulnerability, as a malware could abuse it to make the computer lose some of the functionality that the typical user expects, such as the ability to play media with DRM, specifically DRM media that is using HDCP.<a href="Intel Management Engine - Wikipedia"><span>[</span>79<span>]</span></a><a href="Intel Management Engine - Wikipedia"><span>[</span>80<span>]</span></a> On the other hand, it is also possible for malicious actors to use the ME to remotely compromise a system."


I'm trying to work out what is the safer option - no driver installed (so it can't work without the driver right?) Or driver installed and disabled in Device Manager - except the above says it can't be disabled.

Marcus Vinicus said:

@glasskuter

I didn't introduce the topic of Intel Firmware into this thread about Intel MEI drivers, another poster did. I just pointed out that it is very old news.

Click to expand...

Hey, I happen to resemble that remark! Haswell is old news and Broadwell is old news and these are among my favourites.

kelper said:

I would right-click on it in Device Manager and uninstall it, also uninstalling the driver software if that option is offered and then click on Action.. Scan for Hardware changes. Windows should find and install the correct driver.

Click to expand...

I was about to mention that this morning but it slipped my mind. If the system really needs it then it will come back even if you disable, uninstall, and delete. Such is the way with my annoying TBMT3 driver. I'm stuck with that "yellow triangle". I have a permanent yield sign in my device manager and TBH, I really don't need it because 4.1 GHz is fast enough for this processor. 'Tis my little buggaboo, my piece of grit between the toes that keeps on returning to remind me that no system is perfect no matter how much you work on it.

Hazel123 said:

Restored the Windows 11 image and looked in optional drivers and installed the Intel MEI one. No warning triangles now and the IMEI is now listed under system devices as mentioned above. I checked what driver it was an it was a different one to that on the HP drivers page but it was still from 2015. However I wonder if I actually needed it as Windows classed it as an optional driver for if you have any issues.

I have now done as neves suggested and disabled the device. It was from the era of the potential vulnerabilities.

Click to expand...

Hazel, I rejoice for you! Those nasty little yellow triangles can be so annoying at times.

Thank you. Except see my earlier post. I'm wondering if I'd rather have the yellow triangle than the IMEI operating!

I'm trying to work out what is the safer option - no driver installed (so it can't work without the driver right?) Or driver installed and disabled in Device Manager - except the above says it can't be disabled.

Click to expand...

Anyone? This is a 4th generation Intel Core i7 processor with an Intel MEI driver from 2015 - is it safe? And if not would it be safer to have no driver installed as then it can't work?

Hazel123 said:

Anyone? This is a 4th generation Intel Core i7 processor with an Intel MEI driver from 2015 - is it safe? And if not would it be safer to have no driver installed as then it can't work?

Click to expand...

IMO There are many degrees of "safety" and no system is 100% secure. We are looking at a gen 4 CPU here. That means there's no existing Windows OS that it will "safely" support. This doesn't make it useless. Anyone working with seriously sensitive data should be using current hardware, but even current hardware isn't 100% secure. This is why Windows provides so many security updates. REMEMBER: Windows security updates are not provided simply for the sake of the end user. They are provided chiefly for the security of Microsoft. So it is with the TPM or trusted platform module and various other security features dreamed up by corporations that want to cover their assets.

Generally speaking, a good VS program such as Kaspersky, for example, can help to protect your data via encryption. So even if you make online purchases, or resort to online banking on a gen 4 PC you will be relatively "safe" provided you keep up your virus definitions and use an encryption window. Exceptions to this are rare. Security keys alone will NOT keep your PC safe, but I digress.

Next point: Will a dated Intel MEI driver make your OS crash and burn? A: Not very likely. In the event that your system crashes you should be able to bring it back with a good backup (and although I'm a bit senile I know you use backups). The biggest danger with older Intel processor chips and physical system security is Spectre/Meltdown and few end users ever suffer from this vulnerability. As long as your data is backed up you shouldn't have a problem. Gen 4 CPUs such as Haswell chips technically won't support Win11 so how safe do you want "safe" to be? If the PC is consistently BSOD'ing then you certainly have a problem; but even this can be rectified simply by retrieving the error code and looking up the solution.

Myself, I'd leave it in and forget about it. Most of those identified potential insecurities don't even apply to the average domestic end user.

I hope this helps

Thanks. I'm not worried about general safety - just holes in software/vulnerabilities and vulnerabilities in old drivers? I think it's unlikely cybercriminals will remotely hack in via my Intel MEI and will choose bigger targets. It doesn't make me feel comfortable! The laptop was running fine without the driver. So I'm still in two minds whether to just have it without the driver.

I'm also curious to know why Windows update hid the driver away in "Optional updates" if the IMEI is important.

neves said:

This: Intel® Converged Security and Management Engine Version Detection Tool (Intel® CSMEVDT) - will show you if the system is vulnerable.

You also have a public list with said vulnerabilities - and it's quite clear and detailed:

Security Center

Security Center

www.intel.com

Click to expand...

Ran that and it just says "This system may be vulnerable" - which we already guessed due it being a fourth generation processor! So if I leave it without the driver - does that mean it couldn't be accessed?