Revision : 01 -------------------------------------------------------------------------------- Software name Intel Management Engine 9.1 Firmware Support models ThinkPad T440p (Machine types: 20AN, 20AW) ThinkPad T540p (Machine types: 20BE, 20BF) ThinkPad W540 (Machine types: 20BG, 20BH) ThinkPad W541 (Machine types: 20EF, 20EG) Operating Systems Microsoft Windows 10 64-bit Microsoft Windows 8.1 64-bit Microsoft Windows 8 64-bit Microsoft Windows 7 32-bit, 64-bit Refer to marketing materials to find out what computer models support which Operating Systems. Version 9.1.45.3000 -------------------------------------------------------------------------------- WHAT THIS PACKAGE DOES This package updates the following software. - Intel Management Engine Firmware Refer to marketing materials to find out what computer models support Intel Management Engine. Updating the software will fix problems, add new functions, or expand functions as noted below. This program is language dependent, but can be used with any language system. -------------------------------------------------------------------------------- CHANGES IN THIS RELEASE Version 9.1.45.3000 [Important updates] Nothing. [New functions or enhancements] Nothing. [Problem fixes] - Fixed security vulnerability: CVE-2018-3616. -------------------------------------------------------------------------------- DETERMINING WHICH VERSION IS INSTALLED 1. Open the Command Prompt as administrator. [Windows 10/8.1/8] 1. Hold down the Windows logo key and press X to open a menu at the lower -left area of the screen. 2. Select Command Prompt (Admin) from the menu, and select Yes. [Windows 7] 1. Open the Start menu, type cmd in the search box and press Ctrl+Shift+Enter. 2. In the Command Prompt, type the following command and press Enter. [Path where the files were extracted]\MEInfoWin.exe Example: C:\DRIVERS\WIN\ME\MEInfoWin.exe The following information will be displayed. Example: Intel(R) MEInfo Version: 9.1.xx.xxxx Copyright(C) 2005 - 2014, Intel Corporation. All rights reserved. Intel(R) Manageability and Security Application code versions: BIOS Version: xxxxxxWW (x.xx ) MEBx Version: x.x.x.xxxx Gbe Version: x.x VendorID: 8086 PCH Version: x ==> FW Version: 9.1.45.3000 H <== LMS Version: x.x.x.xxxx MEI Driver Version: x.x.x.xxxx 3. Check the FW Version. If you see any errors, check the Device Manager to see if the following device exists and is working properly. Under System devices category, Intel(R) Management Engine Interface If it does not exist, install the following software: Intel Management Engine 11.x Software -------------------------------------------------------------------------------- NOTES - Updating Management Engine firmware while Microsoft BitLocker drive encryption is enabled will cause subsequent boots of the encrypted drive to fail. If you are using BitLocker, refer to BitLocker help for information on how to temporarily disable BitLocker before updating your Management Engine firmware. -------------------------------------------------------------------------------- UPDATE INSTRUCTIONS Important: *for systems with MEFW version older than 9.1.41.3024. - Before updating to this firmware, if you are using Intel Active Management Technology, Intel Small Business Technology, or Intel Standard Manageability, you should first unprovision your system by downloading and following the instructions available on the link below: https://downloadcenter.intel.com/search?keyword=unprovisioning%20tool *If these technologies are not configured on your system, you can disregard above information. *After unprovision and MEFW update, you can then re-provision your system. Note: - If your computer runs satisfactorily now, it may not be necessary to update the software. To determine if you should update the software, refer to the Version Information section. - Confirm first with your IT administrator if updating the Management Engine firmware is necessary. - Prior to the firmware update, connect the AC adapter and fully charged battery (if applicable) to the system. - Downgrading the Management Engine firmware to an older version cannot be allowed. - Make sure the following device is installed in the Device Manager. In the System devices category, Intel(R) Management Engine Interface If it does not exist, install the following software: Intel Management Engine 11.0 Software Manual Update This section assumes to use Internet Explorer and Windows Explorer. Downloading file 1. Select the underlined file name. Once this is done, some pop-up windows will appear. 2. Follow the instructions on the screen. 3. In the window to choose Run or Save, select Save. 4. The download will begin and complete. Once the download has completed, there may or may not be a message stating that the download completed successfully. Extracting file 5. Make sure to be logged on with an administrator account. 6. Locate the folder where the file was downloaded. 7. Locate the file that was downloaded and double-click it. 8. Follow the instructions on the screen. 9. In the Select Destination Location window, select Next. If you would like to select a different folder, select Browse. 10. In the Ready to Install window, select Install. All the necessary files will be extracted to the folder selected in the step 9. Updating 11. Open a Command Prompt as administrator. [Windows 8 or later] [Mouse and Keyboard] 1. Hold down the Windows logo key and press X to open a menu at the lower -left area of the screen. 2. Select Command Prompt (Admin) from the menu, and select Yes. [Touch] 1. From the Start screen, select Desktop. 2. Open a Windows Explorer and select the C drive. 3. Select File, and select Open command prompt > Open command prompt as administrator. [Windows 7] 1. Open the Start menu, type cmd in the search box and press Ctrl+Shift+Enter. 12. In the Command Prompt, type the following command and press Enter. [Path where the files were extracted]\MEUpdate.cmd Example: C:\DRIVERS\WIN\ME\MEUpdate.cmd 13. Read the notifications on the display, type Y and press Enter to proceed. 14. When completed, a system reboot will be initiated to complete the firmware update. 15. Reboot the computer to complete the update. Finally delete the file saved in the step 4. Unattended Install This is for system administrators' use only. 1. Refer to the Manual Install section, and download and extract the file. 2. In step 10 of the `Extracting files` section, uncheck the checkbox next to "Install ..... now", and then select Finish to cancel installation. 3. Open Command Line with Admistrator rights. 4. Navigate to the path where the files were extracted and execute MEUpdate.CMD. Example: [Path where the files were extracted]\MEUpdate.CMD -------------------------------------------------------------------------------- VERSION INFORMATION The following versions have been released to date. Version Build ID Rev. Issue Date ------------- -------- ---- ---------- 9.1.45.3000 GLRG22WW 01 2018/07/27 9.1.43.3004 GLRG21WW 01 2018/04/20 9.1.42.3002 GLRG20WW 01 2017/11/17 9.1.41.3024 GLRG19WW 01 2017/05/19 9.1.37.1002 GLRG18WW 01 2016/02/10 9.1.32.1002 GLRG17WW 01 2015/08/14 9.1.30.1008 GLRG16WW 01 2015/06/29 9.1.25.1005 GLRG13WW 03 2015/05/29 9.1.25.1005 GLRG13WW 02 2015/04/27 9.1.25.1005 GLRG13WW 01 2015/02/10 9.1.20.1035 GLRG12WW 01 2014/11/11 9.1.10.1005 GLRG11WW 01 2014/08/27 9.1.2.1010 GLRG10WW 01 2014/06/26 9.0.31.1487 GLRG09WW 01 2014/01/28 9.0.20.1447 GLRG04WW 01 2013/09/20 Note: Revision number (Rev.) is for administrative purpose of this README document and is not related to software version. There is no need to upgrade this software when the revision number changes. To check the version of software, refer to the Determining which version is installed section. Summary of Changes Where: < > Version number [Important] Important update (New) New function or enhancement (Fix) Correction to existing function <9.1.45.3000> (GLRG22WW) -(Fix) Fixed security vulnerability: CVE-2018-3616. <9.1.43.3004> (GLRG21WW) -(Fix) Fixed the following security vulnerabilites: CVE-2018-3628, CVE-2018-3629 and CVE-2018-3632. <9.1.42.3002> (GLRG20WW) -(Fix) Fixed the following security vulnerabilities: CVE-2017-5711, CVE-2017-5712, CVE-2017-13077, CVE-2017-13078 and CVE-2017-13080. <9.1.41.3024> (GLRG19WW) -(Fix) Fixed the following issue: - Fixed CVE-2017-5689: Escalation of privilege vulnerability in Intel(R) Active Management Technology (AMT), Intel(R) Standard Manageability (ISM), and Intel(R) Small Business Technology. <9.1.37.1002> (GLRG18WW) - (Fix) Fixed the following issues: - Power loss during firmwareupdate may make ME permanently unavailable. Occurs when updating firmware from Intel ME 9.1.31 or later. - ME on workstation sporadically enters recovery mode after firmware update. - Global reset occurs sporadically during power transition stress tests. <9.1.32.1002> (GLRG17WW) - (Fix) Fixed for an arithmetic bug in the implementation of the PlayReady 3.0 license acquisition. <9.1.30.1008> (GLRG16WW) - (New) Added support for Windows 10 64-bit. <9.1.25.1005> (GLRG13WW) - (New) Added support for ThinkPad W541. <9.1.25.1005> (GLRG13WW) - (New) Removed SSL 3.0 support from Intel ME firmware. <9.1.20.1035> (GLRG12WW) - (Fix) Fixed the following issues: - Audit Log returned records with an invalid kerberos user. - Configuring network without providing link policy in AMT_EthernetPortSettings, as SCS did when configuring static IP, might cause Intel AMT to work only in S0 state. - After Intel ME BIOS Payload message, HECI might indicate it was ready to receive messages before it was able to receive. - When ME FW watch dog timer expired while system was transitioning to Sx, the system hanged and did not shut down. <9.1.10.1005> (GLRG11WW) - (Fix) Fixed the following issues: - CIRA connection was not opened when the CIRA initiated a PET event. - PKI provisioning failed when the certificate contained some Organizational Units and the Organizational Unit "Intel(R) Client Setup Certificate" was not listed first. <9.1.2.1010> (GLRG10WW) - [Important] Changed firmware version from 9.0.xx.xxxx to 9.1.xx.xxxx - (Fix) Fixed an issue where provisioning with PKI failed when the DNS infrastructure was implemented with an FQDN that ended with a trailing dot. <9.0.31.1487> (GLRG09WW) - [Important] Added support for Microsoft Windows 8.1 64-bit. - [Important] Removed support for Microsoft Windows 8 32-bit. - (New) Added support for Thinkpad T540p,W540. - (Fix) Fixed the following issues: - Intel AMT network connectivity was disabled if a Non-vPro CPU was replaced by a vPro CPU. - Some values in Open Manageability Development Tool Kit (DTK) were incorrectly displayed. - During stress testing of ME Wake on WLAN in S3, system might shut down to S5 state. - Intel AMT was susceptible to a Denial of Service issue due to a vulnerability in its TCPIP stack. - When Intel ME was in control of the wireless card, power consumption was higher than expected. - SOL and IDER sessions over WLAN might be closed during restart. <9.0.20.1447> (GLRG04WW) - (New) Initial release for ThinkPad T440p. -------------------------------------------------------------------------------- LIMITATIONS Nothing. -------------------------------------------------------------------------------- TRADEMARKS * Lenovo and ThinkPad are registered trademarks of Lenovo. * Intel is a registered trademark of Intel Corporation. * Microsoft, BitLocker, Internet Explorer and Windows are registered trademarks of Microsoft Corporation. Other company, product, and service names may be registered trademarks, trademarks or service marks of others.