Invoke - Intel SA 00075 Probe - Windows
Log In or Register to download the BES file, and more.

0 Votes

Versioning - This is the latest version.

1Invoke - Intel SA 00075 Probe - Windows5/9/2017 9:36:53 AM
2Invoke - Intel SA 00075 Probe - Windows5/9/2017 9:48:38 AM
3Invoke - Intel SA 00075 Probe - Windows5/9/2017 10:05:29 AM
4Invoke - Intel SA 00075 Probe - Windows5/12/2017 1:52:22 PM
5Invoke - Intel SA 00075 Probe - Windows6/6/2017 9:52:36 AM
6Invoke - Intel SA 00075 Probe - Windows6/8/2017 6:37:56 AM

Description

This Fixlet invokes the Intel SA 00075 Probe on a system to determine if it is vulnerable. The results of this fixlet are provided in the Analysis: Vulnerabilities - Intel SA 00075 - Windows.

This Fixlet will always be relevant -- take care when choosing reapplication criteria.

Per the Unprovisioning Guide, if the Fixlet: Invoke - Intel SA 00075 Unprovision Active Management Technology - Windows has been run and a reboot has not occurred, this Fixlet will not be relevant. The Fixlet is also not relevant for one minute after system reboot.

More information on this vulnerability is available here: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

For general information or to report issues with C3 Inventory content please visit GitHub here: https://github.com/strawgate/C3-Inventory


Property Details

ID24410
TitleInvoke - Intel SA 00075 Probe - Windows
DomainBESC
SourceInternal
Source Release Date5/9/2017 12:00:00 AM
Added by on 6/8/2017 6:37:56 AM
Last Modified by on 6/8/2017 6:37:56 AM
Counters 4383 Views / 75 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

isWindows (Relevance 1172)
Used in 1112 fixlets and 524 analyses   * Results in a true/false
Show indented relevance
windows of operating system
Used in 8 fixlets and 1 analsis   * Results in a true/false
Show indented relevance
(brand string of main processor as lowercase) contains "intel"
Used in 3 fixlets   * Results in a true/false
Show indented relevance
not pending restart "IntelSA00075"
Used in 3 fixlets   * Results in a true/false
Show indented relevance
uptime of operating system > 1*minute

Actions

Action 1 (default)

Action Link Click here to deploy this action.
Script Type BigFix Action Script
prefetch 00075.zip sha1:F0B9B673144A4E0EAD3468FD1F24535BC5F98E48 size:7867800 https://downloadmirror.intel.com/26755/eng/Intel-SA-00075%20Detection%20and%20Mitigation%20Tool.zip sha256:AC9D86C677E6006E085E309881A6423384A9D339BEA926D2888BC2D2D96F20D5

prefetch unzip.exe sha1:e1652b058195db3f5f754b7ab430652ae04a50b8 size:167936 http://software.bigfix.com/download/redist/unzip-5.52.exe

utility __Download\unzip.exe

waithidden __Download\unzip.exe -o "__Download\00075.zip" -d "__Download"

waithidden msiexec /i "__Download\Intel-SA-00075 Detection and Mitigation Tool.msi" /qn

override wait
hidden=true
completion=job
wait "{pathname of file "Intel-SA-00075-console.exe" of folder "Intel\Intel-SA-00075 Detection and Mitigation Tool" of program files x32 folder}" -Discover -f -p "__Download"

if {exists files whose (name of it ends with ".xml") of folder "__Download" of (client folder of current site)}

    if {exists (it as text) whose (it = "Vulnerable") of selects "System/System_Status/System_Risk" of xml documents of files whose (name of it ends with ".xml") of folder "__Download" of (client folder of current site)}
        regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Setup and Configuration Software\INTEL-SA-00075 Discovery Tool\ME Firmware Information]" "Vulnerable"=dword:00000001
    else
        regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Setup and Configuration Software\INTEL-SA-00075 Discovery Tool\ME Firmware Information]" "Vulnerable"=dword:00000000
    endif

    if {exists (it as text) whose (it = "Exposed") of selects "System/System_Status/System_Exposure" of xml documents of files whose (name of it ends with ".xml") of folder "__Download" of (client folder of current site)}
        regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Setup and Configuration Software\INTEL-SA-00075 Discovery Tool\ME Firmware Information]" "Exposed"=dword:00000001
    else
        regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Setup and Configuration Software\INTEL-SA-00075 Discovery Tool\ME Firmware Information]" "Exposed"=dword:00000000
    endif
endif

regset "[HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Setup and Configuration Software\INTEL-SA-00075 Discovery Tool]" "C3Scan"="{now as string}"


waithidden msiexec /x "__Download\Intel-SA-00075 Detection and Mitigation Tool.msi" /qn
Success Criteria

This action will be considered successful when all lines of the action script have completed successfully.


Sharing

Social Media:
Share this page on Yammer

Comments

JasonWalker -
I see the download at prefetch 00075.zip sha1:b57af4eaef2cea78cc80ba61ff4bd5e79f99bea5 size:13833172 https://downloadmirror.intel.com/26755/a08/Intel-SA-00075%20Detection%20and%20Mitigation%20Tool.zip sha256:5be83d38ca159fa459740385589e6e892293bc999186ea4da88998d47624a319
JasonWalker -
I think they've changed the URL again, I'm getting a 404 response.
strawgate -
I have republished with the updated Intel download url. Give it another shot.