Intel ME Vulnerability and Mitigation for VxE Product Line

Issue

With the Intel ME (Management Engine) Vulnerability issue affecting the v2.1 product images for VideoXpert Enterprise, certain measure were taken to mitigate the situation. 

Product Line

Pelco Video Management

Environment

Affected VxE Products

VxOPS

VxCor

VxMGW

VxCMG

VxS

Cause

Intel ME Vulnerability Mitigation

Resolution

Intel ME Mitigation Vulnerability Mitigation Tool
https://downloadcenter.intel.com/download/26755?v=t
 

1. Disable Intel AMT Services

a. Using the Intel ME Mitigation tool for the console "Intel-SA-00075-console.exe", the following commands were ran under the Windows Command prompt in Administrator Mode.

Intel-SA-00075-console.exe -Unprovision Pel2899100 -n

intel-SA-00075-console.exe -DisableCCM -n

Intel-SA-00075-console.exe -DisableLMS -n

sc config LMS start = disabled

sc delete LMS

sc qc LMS

 

2. Remove Intel ME hardware drivers

a. Using the Windows Programs and Features Utility, validate the Intel ME Hardware Drivers and Firmware Utility software was removed to prevent hardware from working. 

 

Mitigation Results for VxOPS, VxCOR, VxMGW, and VxCMG

Detection Test Output Before Completing Mitigation Steps

 

 

Detection Test Output After Completing Mitigation Steps

 

 

Detection Test Output After Completing Mitigation Steps for VxS

 

 

Note: If/When prompted to update DO NOT select the auto update feature to go through and proceed. Uncheck the Intel(R) Management Engine Interface update and proceed as usual.  Please see reference below for more details. 

WARNING: If Windows Automatic Updates are enabled it can interfere with Meinberg's Time Service as it will auto start Windows Time Service.  Please check and disable this function should you encounter it.