NetworkBear

Members
  • Posts

    4
About NetworkBear

  • Rank
    Newbie

Profile Information

  • Location
    Canada
  1. This issue seems to affect only 6th to 8th gen Intel CPUs, if I read that first Intel advisory correctly (assuming it is still the valid advisory for the current issue), so the problematic endpoints will all be several years old now. I could reach out myself, but I'm very much dreading having to deal with lvl1 Lenovo support for something like this, as I assume I will get the same runaround you received. If I can find some time to open the support case, I will update this thread with our results. Otherwise, I did notice there is a new BIOS update for my T480s a few days ago that mentions several fixes for CVEs, but I have not had the time to browse through that list yet. I assume the fix for this vulnerable driver would be in an IME update from Lenovo though, and not a BIOS update.
  2. I have to agree with Gregecslo. As far as I can tell, ESET simply seems to be flagging and deleting (in my case) the vulnerable driver file whenever ANYTHING tries to interact with it. I have confirmed this while installing IME updates, checking the IME version, etc. Of course, the file comes right back, and around we go.
  3. Is there a new vuln. advisory for what this "utility" is exploiting? Surely, it can't be the same exact vuln. as the one mentioned in this thread, as that was (supposedly) patched in any number of IME updates since then. That page was last updated back in November 2023 though. I am quite perplexed by the fact the Intel check tool is flagging systems with the most up to date IME fw as vulnerable, also. I have, however, also started getting ESET alerts for endpoints that come up green on that tool... so I am confused now. I assume this tool may not be checking for the new vuln. I will have to reach out to Lenovo support to inquire (not looking forward to that). If anyone has already done this, please share what information you may have.
  4. Yeah, something is up with these detections. We have just started seeing this pop up on several Lenovo endpoints that have never been flagged for this detection before yesterday. All these endpoints are up to date using Vantage or System Update (using IME FW version 11.9.82.4222 on the device I have investigated). I was going to assume these were false positives, but the Intel verification tool from the Intel advisory page also seems to suggest there is a vulnerability on the device (if I am reading that result correctly). I have been unable to get the Intel check to come up clean on the affected endpoint I have been working on, so far. ESET also continues to flag the file every time it is accessed (using MEinfo, for example). Example affected PC > ThinkPad E470. On my current work PC (ThinkPad T480s), the Intel check does come up clean, with IME 11.9.04.4494 (also no ESET detections). I guess we stand by for another update. Hopefully it comes around quickly.