Invoke - Intel SA 00075 Probe - Windows

Versioning - This is the latest version.

Version 1: Invoke - Intel SA 00075 Probe - Windows (5/9/2017 9:36:53 AM)
Version 2: Invoke - Intel SA 00075 Probe - Windows (5/9/2017 9:48:38 AM)
Version 3: Invoke - Intel SA 00075 Probe - Windows (5/9/2017 10:05:29 AM)
Version 4: Invoke - Intel SA 00075 Probe - Windows (5/12/2017 1:52:22 PM)

Description

This Fixlet invokes the Intel SA 00075 Probe on a system to determine if it is vulnerable. The results of this fixlet are provided in the Analysis: Vulnerabilities - Intel SA 00075 - Windows.

This Fixlet will always be relevant -- take care when choosing reapplication criteria.

Per the Unprovisioning Guide, if the Fixlet: Invoke - Intel SA 00075 Unprovision Active Management Technology - Windows has been run and a reboot has not occurred, this Fixlet will not be relevant. The Fixlet is also not relevant for one minute after system reboot.

More information on this vulnerability is available here: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

For general information or to report issues with C3 Inventory content please visit GitHub here: https://github.com/strawgate/C3-Inventory


Property Details

ID: 24274
Title: Invoke - Intel SA 00075 Probe - Windows
Domain: BESC
Source: Internal
Source Release Date: 5/9/2017 12:00:00 AM
Added by on 5/12/2017 1:52:22 PM
Last Modified by on 5/12/2017 1:52:22 PM
Counters: 385 Views / 33 Downloads

Relevance

isWindows (Relevance 1172)
Used in 1044 fixlets and 517 analyses. Results in a true/false.
windows of operating system

Used in 6 fixlets and 1 analysis. Results in a true/false.
(brand string of main processor as lowercase) contains "intel"

Used in 1 fixlet. Results in a true/false.
not pending restart "IntelSA00075"

Used in 1 fixlet. Results in a true/false.
uptime of operating system > 1*minute

Actions

Action 1 (default)

Script Type: BigFix Action Script
prefetch Intel-SA-00075_1.0.1.6.zip sha1:2309C2BF2138BF3F3461B9B2EE2475FCDAF82328 size:1231195 https://downloadmirror.intel.com/26755/eng/Intel-SA-00075_1.0.1.6.zip sha256:BF22E5086C01278BFA7CA5F22661A2893025087EE340F2D87EEDE643274DCAD3
prefetch unzip.exe sha1:e1652b058195db3f5f754b7ab430652ae04a50b8 size:167936 http://software.bigfix.com/download/redist/unzip-5.52.exe

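utility __Download\unzip.exe

// Extract the Intel discovery tool archive into __Download
waithidden __Download\unzip.exe -o "__Download\Intel-SA-00075_1.0.1.6.zip" -d "__Download"

// Run the console probe hidden; the script below expects its .xml result in __Download
override wait
hidden=true
completion=job
wait "__Download\Windows\Intel-SA-00075-console.exe" -f -p "__Download"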

if {exists files whose (name of it ends with ".xml") of folder "__Download" of (client folder of current site)}

    if {exists (it as text) whose (it = "Vulnerable") of selects "System/System_Status/System_Risk" of xml documents of files whose (name of it ends with ".xml") of folder "__Download" of (client folder of current site)}
        regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Setup and Configuration Software\INTEL-SA-00075 Discovery Tool\ME Firmware Information]" "Vulnerable"=dword:00000001
    else
        regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Setup and Configuration Software\INTEL-SA-00075 Discovery Tool\ME Firmware Information]" "Vulnerable"=dword:00000000
    endif

    if {exists (it as text) whose (it = "Exposed") of selects "System/System_Status/System_Exposure" of xml documents of files whose (name of it ends with ".xml") of folder "__Download" of (client folder of current site)}
        regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Setup and Configuration Software\INTEL-SA-00075 Discovery Tool\ME Firmware Information]" "Exposed"=dword:00000001
    else
        regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Setup and Configuration Software\INTEL-SA-00075 Discovery Tool\ME Firmware Information]" "Exposed"=dword:00000000
    endif
endif

regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Setup and Configuration Software\INTEL-SA-00075 Discovery Tool]" "C3Scan"="{now as string}"

Success Criteria

This action will be considered successful when all lines of the action script have completed successfully.
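
In the action script, the C3Scan timestamp is written outside the if block, so a run that produces no XML file still completes successfully and leaves any earlier Vulnerable and Exposed values in place. The Python below is an added example, not part of the Fixlet or the C3 Inventory project; it mirrors the script's decision logic and keeps the raw result strings so a 0 flag can be distinguished from a missing value. The function names and the sample XML are constructed for illustration; only the two element paths come from the script.

```python
import xml.etree.ElementTree as ET

# Constructed sample results; only the two element paths the action script
# reads are taken from the page, everything else here is made up.
SAMPLE_VULNERABLE = """<System>
  <System_Status>
    <System_Risk>Vulnerable</System_Risk>
    <System_Exposure>Exposed</System_Exposure>
  </System_Status>
</System>"""

SAMPLE_OTHER = """<System>
  <System_Status>
    <System_Risk>Example other value</System_Risk>
  </System_Status>
</System>"""


def _values(docs, path):
    """Collect the text of every node at `path` across all result documents."""
    found = []
    for doc in docs:
        root = ET.fromstring(doc)
        if root.tag != "System":
            continue
        found += [(node.text or "") for node in root.findall(path)]
    return found


def evaluate_probe(docs):
    """Return the registry flags the action script would set, plus raw values.

    docs: contents of the *.xml files found in __Download after the probe ran.
    Returns None when there are none: the script then leaves the Vulnerable and
    Exposed values untouched while still refreshing the C3Scan timestamp.
    """
    if not docs:
        return None
    risk = _values(docs, "System_Status/System_Risk")
    exposure = _values(docs, "System_Status/System_Exposure")
    return {
        "Vulnerable": int("Vulnerable" in risk),  # exact match, as in the script
        "Exposed": int("Exposed" in exposure),
        # Raw strings kept so a 0 flag can be told apart from a missing or
        # unexpected value, which the script also records as 0.
        "raw_risk": risk,
        "raw_exposure": exposure,
    }
```
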



Comments

strawgate -
Hi, Intel just switched it out -- I'm tracking this issue here: https://github.com/strawgate/C3-Inventory/issues/44 I should have this fixed tonight or tomorrow and will shoot you an email when it's fixed.
UWDerm -
Hello Will, I did attempt to run this fixlet and received the following error. Intel-SA-00075_1.0.1.6.zip Failed [-] [+] Download error: "Unexpected HTTP response: 404 Not Found" and when attempting to go direct to https://downloadmirror.intel.com/26755/eng/Intel-SA-00075_1.0.1.6.zip the page is not found, did Intel move the page? Download requested on server: URL: https://downloadmirror.intel.com/26755/eng/Intel-SA-00075_1.0.1.6.zip Hash: (sha1)2309c2bf2138bf3f3461b9b2ee2475fcdaf82328 Size: Next retry: 3 minutes. Retry now