Microsoft Tech Community Live: Surface Edition
February 15, 2022, 08:00 AM - 12:00 PM (PST)

Intel Management Engine Vulnerability and Surface Devices

Published Jan 31 2019 03:12 PM 421 Views
Occasional Visitor
First published on TECHNET on Dec 11, 2017
Microsoft is aware of the Intel Management Engine vulnerability ( Intel-SA-00086 ). The Intel vulnerability detection tool currently lists Microsoft Surface devices as vulnerable to this security advisory.

Microsoft has investigated the issue and found the following:

  1. Remote exploit of this vulnerability requires Intel Active Management Technology (AMT). Current Surface devices do not allow remote connectivity to the ME because our devices do not run AMT.

  2. Local exploit of this vulnerability requires Direct Connect Interface (DCI) access via USB, which is not provided on Surface devices.


Because of this, we believe exploits using this vulnerability are significantly reduced on Surface devices. We care deeply about ensuring our devices are reliable and secure and are working with Intel to generate fixes for current devices, which we expect to release in the near future.
%3CLINGO-SUB%20id%3D%22lingo-sub-329010%22%20slang%3D%22en-US%22%3EIntel%20Management%20Engine%20Vulnerability%20and%20Surface%20Devices%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-329010%22%20slang%3D%22en-US%22%3E%0A%20%26lt%3Bmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text%2Fhtml%3B%20charset%3DUTF-8%22%20%2F%26gt%3B%3CSTRONG%3EFirst%20published%20on%20TECHNET%20on%20Dec%2011%2C%202017%20%3C%2FSTRONG%3E%20%3CBR%20%2F%3E%20Microsoft%20is%20aware%20of%20the%20Intel%20Management%20Engine%20vulnerability%20(%20%3CA%20href%3D%22https%3A%2F%2Fsecurity-center.intel.com%2Fadvisory.aspx%3Fintelid%3DINTEL-SA-00086%26amp%3Blanguageid%3Den-fr%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3E%20Intel-SA-00086%20%3C%2FA%3E%20).%20The%20Intel%20vulnerability%20detection%20tool%20currently%20lists%20Microsoft%20Surface%20devices%20as%20vulnerable%20to%20this%20security%20advisory.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20Microsoft%20has%20investigated%20the%20issue%20and%20found%20the%20following%3A%20%3CBR%20%2F%3E%3COL%3E%3CBR%20%2F%3E%3CLI%3ERemote%20exploit%20of%20this%20vulnerability%20requires%20Intel%20Active%20Management%20Technology%20(AMT).%20Current%20Surface%20devices%20do%20not%20allow%20remote%20connectivity%20to%20the%20ME%20because%20our%20devices%20do%20not%20run%20AMT.%3C%2FLI%3E%3CBR%20%2F%3E%3CLI%3ELocal%20exploit%20of%20this%20vulnerability%20requires%20Direct%20Connect%20Interface%20(DCI)%20access%20via%20USB%2C%20which%20is%20not%20provided%20on%20Surface%20devices.%3C%2FLI%3E%3CBR%20%2F%3E%3C%2FOL%3E%3CBR%20%2F%3E%20Because%20of%20this%2C%20we%20believe%20exploits%20using%20this%20vulnerability%20are%20significantly%20reduced%20on%20Surface%20devices.%20We%20care%20deeply%20about%20ensuring%20our%20devices%20are%20reliable%20and%20secure%20and%20are%20working%20with%20Intel%20to%20generate%20fixes%20for%20current%20devices%2C%20which%20we%20expect%20to%20release%20in%20the%20near%20future.%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-329010%22%20slang%3D%22en-US%22%3EFirst%20published%20on%20TECHNET%20on%20Dec%2011%2C%202017%20Microsoft%20is%20aware%20of%20the%20Intel%20Management%20Engine%20vulnerability%20(Intel-SA-00086).%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-329010%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ESurface%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Esurfacetech%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Version history
Last update:
‎Jan 31 2019 03:12 PM
Updated by: