With the Intel ME (Management Engine) Vulnerability issue affecting the v2.1 product images for VideoXpert Enterprise, certain measure were taken to mitigate the situation.
Pelco Video Management
Affected VxE Products
Intel ME Vulnerability Mitigation
Intel ME Mitigation Vulnerability Mitigation Tool
1. Disable Intel AMT Services
a. Using the Intel ME Mitigation tool for the console "Intel-SA-00075-console.exe", the following commands were ran under the Windows Command prompt in Administrator Mode.
Intel-SA-00075-console.exe -Unprovision Pel2899100 -n
intel-SA-00075-console.exe -DisableCCM -n
Intel-SA-00075-console.exe -DisableLMS -n
sc config LMS start = disabled
sc delete LMS
sc qc LMS
2. Remove Intel ME hardware drivers
a. Using the Windows Programs and Features Utility, validate the Intel ME Hardware Drivers and Firmware Utility software was removed to prevent hardware from working.
Mitigation Results for VxOPS, VxCOR, VxMGW, and VxCMG
Detection Test Output Before Completing Mitigation Steps
Detection Test Output After Completing Mitigation Steps
Detection Test Output After Completing Mitigation Steps for VxS
Note: If/When prompted to update DO NOT select the auto update feature to go through and proceed. Uncheck the Intel(R) Management Engine Interface update and proceed as usual. Please see reference below for more details.
WARNING: If Windows Automatic Updates are enabled it can interfere with Meinberg's Time Service as it will auto start Windows Time Service. Please check and disable this function should you encounter it.