Intel MEI Do I need it?

I use the Intel Driver and Support Assistant for updates. I much prefer it to letting Windows Update install Intel drivers behind my back. The Intel tool is used on both my computers, it never installs anything without asking for approval first.

Marcus Vinicus said:

I use the Intel Driver and Support Assistant for updates. I much prefer it to letting Windows Update install Intel drivers behind my back. The Intel tool is used on both my computers, it never installs anything without asking for approval first.

Intel® Driver & Support Assistant

This application provides driver and software updates for your Intel hardware.

www.intel.com

Click to expand...

I use it too. It's never given me a bad driver yet.

Hazel123 said:

Ran that and it just says "This system may be vulnerable" - which we already guessed due it being a fourth generation processor! So if I leave it without the driver - does that mean it couldn't be accessed?


View attachment 122846

Click to expand...

All Gen 4 CPUs are vulnerable. The detection tool will find drivers required that may have made it less vulnerable once upon a time but the chip isn't supported anymore. Intel no longer supports this hardware. That doesn't mean that updating the driver will necessarily make it worse. Those bangs or "little yellow triangles" are best eliminated whenever possible. If you completely disable, uninstall, and delete it you can determine whether it is integral to the system hardware after a reboot by simply going back into device manager and seeing if it's back. HP has proprietary drivers so that is likely what is preferred but at this stage I'd say that it's negligible. Your system is about as safe with it as it can be in this regard and you can install the Intel Driver & Support Assistant too if you like. I doubt that it will get much attention because support for the CPU is discontinued so, it's "not safe" because it's no longer supported.

Again. Intel has to tell you this because they are legally obligated to cover their assets or risk heavy fines. Leaving the hole there isn't safe. Plugging it with dead wood isn't safe. Nothing you do to it will make it safer. At least you can get rid of the bang. I wish I could eliminate mine on the Win 11 side on my work station.

The outdated version of the ME (Management Engine) firmware is what has the vulnerabilities. It is therefore important to update this firmware, and, to make this possible, the MEI (Management Engine Interface) driver needs to be installed first. The ME driver that @glasskuter linked in post #9 won't work on Intel CPUs that are older than 7th Gen (Kaby Lake). Yours is 5th Gen (Broadwell, or Broadwell-U to be more precise). So, you'll need to grab the one from HP instead. And hope for the best.

Further, just because the MEI driver (on Intel CPUs older than 7th Gen) or the ME driver (on 7th Gen or newer Intel CPUs) has been installed and you haven't disabled driver updates in Windows Update, doesn't necessarily always mean that Windows Update will automatically offer the new ME firmware, but if it does, it does so via Optional Updates. Also note, if a firmware update is installed via Windows Update, the actual updating of the firmware doesn't occur until the computer is restarted.

Another thing to note is that updating the firmware may require to use a separate update tool. If so, it is up to the manufacturer to provide this tool, and, this tool is system-specific, which means that the steps to update this firmware varies depending on the system make and model. Here is an example: [Motherboard] Intel® Management Engine Firmware Update Instructions(ME) | Official Support | ASUS Global

Finally, if system security is important to you, avoid to use old and outdated hardware that is no longer being supported by the manufacturer so they no longer will provide security updates and the update tools necessary to install them. In short, computers age like fine milk. If you mean what I get...

In my Windows 11 Laptop there are 60 devices under System in the Device Manager.
Are people supposed to research and understand each of those technologies in detail and decide whether they need them or not.
Install more bloatware apps for drivers they get from Windows updates.
Ridiculous.

Hazel123 said:

Ran that and it just says "This system may be vulnerable" - which we already guessed due it being a fourth generation processor! So if I leave it without the driver - does that mean it couldn't be accessed?


View attachment 122846

Click to expand...

This tool can't work without the driver installed (that's how it can access the firmware to see if it's vulnerable). But, yeah 100% is vulnerable since you need a firmware from December 2024 covering all vulnerabilities. And HP probably (if not more than likely) won't cover a 10 old system - maybe even recommend you to buy a new one.

Intel Management Engine - always runs - if the computer is functional and has power (it's not tied to Windows - but the intel Chipset). The Windows driver - and its embed components - are simply for managing/using its functions/features within Windows. Tho, unless you're a person of interest - there's low chances of being targeted. :)

man00 said:

After searching mine shows as for Windows 10
View attachment 122766

Click to expand...

The driver on both of my PowerSpec desktops were last updated on Feb. 8th 2024 The driver version is 2406.5.5.0.

Helmut said:

In my Windows 11 Laptop there are 60 devices under System in the Device Manager.
Are people supposed to research and understand each of those technologies in detail and decide whether they need them or not.
Install more bloatware apps for drivers they get from Windows updates.
Ridiculous.

Click to expand...

This is the point I was trying to stress earlier. It's really negligible for the average domestic end user. I would have been happy just to get rid of the bang. The Intel Driver and Support Assistant could cover anything else Intel had in store for it after HP stopped supporting it if I were really keen. Odds are it would just sit there and do nothing. Depending on what you're using your PC for you might want to check all 60 of those devices or you might not. Personally, I would not sweat it. I'd use my current supported hardware for anything I would regard as sensitive and have fun with the older hardware just like I'm doing right now.

Being an easy target is what makes you a person of interest. Those who attack high-valued targets often use botnets to hide their identity during their attacks, and, botnets often contain countless hacked PCs owned by unsuspecting users. It is these users' persistent lack of awareness that makes their PC more useful to the attackers. It also increases the likelihood that these users will fail to take appropriate security actions for years to come, as that in fact is what the "persistent" part also boils down to, i.e., persistently useful to the attackers. A fast way to make a hacker smile is to keep the old myth alive that unless you're a person of interest, there's low chances of being targeted.

neves said:

This tool can't work without the driver installed (that's how it can access the firmware to see if it's vulnerable). But, yeah 100% is vulnerable since you need a firmware from December 2024 covering all vulnerabilities. And HP probably (if not more than likely) won't cover a 10 old system - maybe even recommend you to buy a new one.

Intel Management Engine - always runs - if the computer is functional and has power (it's not tied to Windows - but the intel Chipset). The Windows driver - and its embed components - are simply for managing/using its functions/features within Windows. Tho, unless you're a person of interest - there's low chances of being targeted. :)

Click to expand...

Thank you for explaining that. So whether I use the driver or not, the Intel Management Engine is still running and still vulnerable? And using the driver doesn't make it any more or less vulnerable - is that right? The driver itself is also vulnerable I would think but as a separate issue maybe? So whether I have the driver installed or not, the IMEI could still "potentially" be vulnerable to hacking - is that right? This is what I wanted to understand It won't be a main laptop but - if and when it was used, I might do all the same things I do on a main laptop (eg if main laptop is out of action). ie use it a lot for periods.

I'm curious also as to whether a driver for a later model of laptop/different processor would be worth trying. Presumably if it worked it would be ok to use and not cause any system issues? A Windows 10 driver was suggested on an HP site although I doubt that is particularly recent either.

Updating the ME firmware on your Intel 5th Gen CPU addresses vulnerabilities at the firmware level—essentially the embedded system within your processor that operates independently of your main operating system. However, the MEI driver is a separate entity that allows your operating system to communicate with the ME firmware, and it can have its own vulnerabilities.

Even after updating the ME firmware, an outdated or vulnerable MEI driver could potentially be exploited by attackers to gain unauthorized access or escalate privileges within your system.

Historically, there have been instances where vulnerabilities in the MEI driver have been identified and patched separately from the firmware updates. These vulnerabilities could allow malicious software to interact with the ME in unintended ways, undermining the security measures provided by the firmware update.

Sometimes, either 1/ ME firmware updates are included within BIOS updates provided by your system/motherboard manufacturer or 2/ the BIOS requires to be updated before a ME firmware update can succeed. Ensure your BIOS is also up-to-date to benefit from the latest security enhancements. This is regardless of the ME firmware BTW. Keeping both your firmware and drivers up-to-date is essential. (Even, when it comes to those specific hardware components that you never use, but that remain present in the system still nevertheless.)

Thank you. I did update the bios to the latest one which was from 2020. So still not that new. All other firmware and drivers for this model seem quite old and the only firmware on the site is for the touchscreen. So I accept the whole thing will be vulnerable, as per the scan and updated firmware isn't available. So based on what you said above @hdmi - would it be more vulnerable or less vulnerable without the driver?! Or should I try the Windows 10 driver mentioned on an HP site?

That driver is from 2017


Sorry to ask so many questions - I'd like to understand all this. I'm inclined to try the newer driver suggested on the HP site. But - if not having any driver means IMEI can't "talk" to Windows then that might be better?!! After all Windows didn't even install the driver - it put it under "optional drivers". On the other hand, installing the driver and then disabling IMEI will presumably stop it interacting with Windows (even if it's still running).

The latest bios update notes from 2020 say it is for enhanced security and recommends doing it promptly (it has been done) so maybe that was related to IMEI? I suspect the bios may be a protection. Although the scan did say the system was vulnerable.

I'm not particularly worried about it, but it's something I haven't thought about before and would like to understand it.

Hazel123 said:

would it be more vulnerable or less vulnerable without the driver?!

Click to expand...

Choosing not to install the MEI driver might seem like a way to sidestep potential vulnerabilities, especially if the latest driver dates back to 2015. However, leaving the MEI driver uninstalled and accepting the yellow warning triangle in Device Manager isn't generally recommended.

The MEI driver acts as a communication bridge between your operating system and the Intel Management Engine firmware embedded in your CPU. This interface enables various system functionalities, including power management, system monitoring, and certain security features. When the MEI driver is missing:

• Limited Functionality: Essential features that rely on MEI may not function correctly, potentially impacting system performance and stability.
• System Warnings: The yellow bang warning triangle in Device Manager indicates that Windows recognizes hardware without the proper driver, signaling a misconfiguration.
• Inability to Receive Updates: Without the driver, you may miss critical updates that could address security vulnerabilities within the ME subsystem.

While it's natural to be cautious about installing older drivers due to potential vulnerabilities, not installing the MEI driver doesn't inherently enhance security. Here's why:

• ME Firmware Remains Active: The Management Engine firmware continues to run at a low level within your system, even without the MEI driver. Any vulnerabilities at the firmware level still exist.
• Loss of Communication Means Loss of Control: Without the driver, your operating system can't communicate with the ME firmware to apply updates or patches that could mitigate known vulnerabilities.
• Potential Instability and Unknown Risks: Ignoring hardware components can introduce unpredictable system behavior, which might expose your system to other security risks.

Hazel123 said:

Or should I try the Windows 10 driver mentioned on an HP site?

That driver is from 2017

http://ftp.hp.com/pub/softpaq/sp79001-79500/sp79059.html

Click to expand...

Maybe try this one instead:

Thank you. I might try that one I have just tried this one. I don't know if it was a good idea or not! It came up from the hardware ID search but I'm usually cautious about using driver sites. It says it's a 2024 driver. So I installed it. It installed ok. I then ran the Intel CSME scan again. And this time it just came up saying "The System is not supported" which doesn't sound good. Previously it came with "This system may be vulnerable".

What does that mean? The system is not supported? What system? The Windows system? The IMEI program?


Edit - I've tried the one you linked above (driver is 2017 even though released May 2018). It installed ok. Although it's not as new as that 2024 one, it is an HP one which is maybe better. Ran the Intel CSME scan again and it still says "The System is not supported". The explanation given is:

"Firmware versions of Intel(R) ME 3.x thru 10.x, Intel TXE 1.x thru 2.x and Inter Server platform services 1.x thru 2.x are no longer supported, thus were not assessed for the vulnerabilities/CVE's listed in these Security Advisories. There is no new release planned for these versions."

Still not quite clear! So it's basically saying it can't assess for vulnerabilities when a non original driver is installed? Or maybe that vulnerabilities aren't an issue as it's a later driver?

And thank you for that very helpful post and explanation. What do you think about that link to the 2024 driver? Both the one you linked and that one installed ok and without issue. I don't know what machine or manufacturer the 2024 one was intended for though.

hdmi said:

Choosing not to install the MEI driver might seem like a way to sidestep potential vulnerabilities, especially if the latest driver dates back to 2015. However, leaving the MEI driver uninstalled and accepting the yellow warning triangle in Device Manager isn't generally recommended.

Click to expand...

This

HDMI I'm pleased that you have contributed so much valid information in this discourse on Intel's firmware updater, some of it even sharpening my own understanding. Thank you for giving us the straight goods. That said, we are talking about some rather old hardware here. There is no way that security will ever be tightened enough on that unit to be 'safe' unless it stays off the internet. This is why I stated that the matter is negligible. We can discuss security issues from sun up to sun down to learn how to make older hardware safer, but the reality is that not even newer hardware can be made completely safe.

A good physical firewall can help and we have them. They're in our routers, they're in our switch boxes, and sometimes you can still get them separately. A soft firewall, like the one Kaspersky provides, can also help. Apart from this there are also other third party security apps that will scan your PC for vulnerabilities and inform you concerning the condition of your PC. Malware Bytes comes to mind. One might interject, "Yes, but this is a firmware issue" and they would be right. Nevertheless updating the firmware with more old firmware makes no assurance of safety when it remains unsupported. Agreeably, the best firmware in this case (as is most usually the case) is the proprietary firmware HP offers and I stated so previously a couple of times already.

My point is that none of these measures will render that old hardware 'safe' by Intel's standards but I would venture that 80% of Intel CPUs being used today are not safe by their standards because of lovely little things like Spectre/Meltdown and TPM2. Intel has dropped the ball on a good deal of their firmware in the past 5 years. Optane is no longer a thing (unless you use a NUC). IRST is no longer a thing anymore either according to them. So it behooves me to say that nothing is really safe anymore because even TPM2 has its vulnerabilities.

I would venture that a line of reasoning and common sense would apply here. Staying off the internet should make your hardware at least 99% safe. Following this attricion sets in. IMO many people go into panic mode and make mountains out of mole hills over security. In fact, there's a plethora of marketed software called FEARWARE that grew out of these irriational insecurities over safety. Where does it end? One could easily state that just joining this forum and making one's self known makes them a 'person of interest'. It would be foolish to think that no hackers read these posts or visit this forum. Does that mean we should all pull out of the forum for safety reasons? I think not.

When it comes down to the crunch most of these vulnerabilities and security issues do not affect the average end user. If you're in a networking pool for some large company the risk increases. Institutions such as hospitals, banks, corporations etc are at greater risk than the domestic end user regarding such exploits so the risk is relative. Yes, it is wise to keep your PC updated if you want to stay on the internet. Yes, you should use some sort of virus/malware protection. Yes, you should update your firmware as much as is reasonably possible BUT you can do all this and still become a victim of an exploit. In fact, you could have the latest greatest newest state of the art bleeding edge hardware and take all these precautions and still get hit with a day zero.

Ya pays ya munny and takes ya chances. I'd be happy with eliminating the bang and using the standard precautions.

I hope this helps

Hazel123 said:

What does that mean? The system is not supported? What system? The Windows system? The IMEI program?

Click to expand...

When Intel says the system is not supported they're referring to your CPU and your physical platform. In other words they mean your system hardware. I'm half tempted to see if that package would help me dispose of my own bang in device manager but I think I may have tried this already. Congratulations on the fix!

Thank you. Yes I'm not particularly worried about it. I've used old netbooks with warning triangles and not bothered to instal the drivers and never had any issues! I knew what they were - it was usually an sd card reader or similar. If it worked I used it. But it's good to have an understanding of what this IMEI is - seeing as it seems it's on every computer virtually.

So drivers. I tried the May 2018 above but decided not to use it - it seemed to install some other Intel software as well. When removing it, Windows reverts it back to the 2015 driver. I tried the 2024 driver mentioned above from DriverPack (although was very apprehensive downloading a driver from a driver site rather than HP) and it seemed ok. I also had a 2023 driver suggested by someone on the HP forum - which was from an Elitebook. Computer didn't seem keen on this one. It didn't have any install dialogue and left the blue circle going round a lot. So uninstalled that again.

It seems better on the 2015 one provided by Windows update, so I guess I'll either just leave that installed or try leaving the 2024 one in and see how it goes.

After a bit of googling I found the 2024 driver is directly from Intel. Although not available to download from Intel (which I'd rather do than use Driverpack) because they seem to have a more recent version now.

So it's either the correct (ancient) one for the machine from HP or an Intel latest one.

I wasn't keen on the file name of the 2024 one from Driverpack - which was Intel-FORCED-HECI-10x64-2441.7.0.0. ie why does it have FORCED in caps in the name?

So that was 2441.7.0.0 - googling that told me it was Intel's own driver.

The latest one from Intel seems to be 2451.7.6.0

Hazel123 said:

Thank you for explaining that. So whether I use the driver or not, the Intel Management Engine is still running and still vulnerable? And using the driver doesn't make it any more or less vulnerable - is that right? The driver itself is also vulnerable I would think but as a separate issue maybe? So whether I have the driver installed or not, the IMEI could still "potentially" be vulnerable to hacking - is that right? This is what I wanted to understand It won't be a main laptop but - if and when it was used, I might do all the same things I do on a main laptop (eg if main laptop is out of action). ie use it a lot for periods.

I'm curious also as to whether a driver for a later model of laptop/different processor would be worth trying. Presumably if it worked it would be ok to use and not cause any system issues? A Windows 10 driver was suggested on an HP site although I doubt that is particularly recent either.

Click to expand...

It's not the driver that's vulnerable - it's the firmware (kinda like a BIOS update - but it's installed on a different chipset / the BIOS has its own). If someone is remotely connected to your IME - "by default" Windows can not detect that - tho, while having the drivers installed (paired with some of its management tools) or by using Security Tools & Endpoints which can bypass Windows and monitor the IME - one could do that (more commonly used on a enterprise level - since it involves extra costs or time to learn - sometimes both). Many Windows beginners and enthusiasts alike - think Windows Defender is enough to keep their system safe. While black-hat hacking "beginners (most are actually kids/teens - who find the rebellious side of tech exciting - like breaching into systems just for the kicks of it / and also beginners - since they don't actually understand the whole process - not even what they're doing "since they're following step by step online guides at first" )" - are more commonly interested in ways to bypass Windows. Not to mention - it's usually corporate breaches that end-up on the news (you'll rarely hear about the average Joe - like the times their photos end-up on the internet along with some celebrities). So hey, if you're not a person of interest - there's only the chance for some kid to end-up on your system randomly - testing some tool which found your system vulnerable. :)

Thanks. So going back to what I did earlier - installing the 2015 driver and disabling the device. What does this actually do? If IMEI is running all the time, with or without a driver - what does "disabling" it in Device Manager actually do? Does that just disable the driver then?

Sorry to bang on about it At the moment I'm tempted to just leave the HP/Windows driver in, even if old - and get on with it

A bit of googling showed some people with networks of computers are really worried about it, to the point of changing the wifi card to a non intel wifi card. I'm not that worried about it - maybe different circumstances - but out of interest, is that something that would make a difference? I think the idea was a remote hacker couldn't use the IMEI if the wifi card wasn't an Intel one. ie not connect to anything. Can 't quite get my head round that!

Incidentally - our TV also shows up in Device Manager! Just checked on my main laptop and it shows up there as well. Now it is a smart TV but I didnt tell it it could connect to my computer ........... The rest of the smart devices are on a separate guest network with its own network key - for security reasons. I'm wondering what the point of having a tv connected to the laptop would be?

Edit: I'm changing the Smart Tv's wifi login to the guest network. I don't want it connected with computers unless I specifically decide to do that!

Does amd have that annoyance ?