It’s been fun and educational putting my INTEL-SA-00213 Detection Script together. first writing it, refining it, Adding SMB Logging getting feedback from the Reddit PowerShell folks, learning about the PSScriptAnalyzer, etc. But there comes a point where it’s time to walk away from something. This little tool does everything I need. I could tweak and add features, and obsess further, but why? What good will come of it. It’s been a a neat little project but it’s done.
I learned a good deal during this, so for my own mental retention, and to share them let’s recap. There is a preferred order in which to arrange comment based help. Temporary files are best handled using $env:TEMP and New-TemporaryFile. Don’t bother specifying Mandatory=$true or Mandatory=$false in parameters, as it’s implied. Use Write-Debug as a form of commenting instead of pure comments, as it has the added benefit of automatically adding -Verbose functionality. When testing a Web path for validating a parameter, use the -Method Head option for Invoke-WebRequest to avoid downloading the file twice.
This was also my first project build fully in Visual Studio Code and GitHub. Which I now love and will never go back to my old way of version control. (Which was, admittedly, kludgey and stupid…)
All in all, a fun exercise which produced a tool that I will be using to check for and mitigate live vulnerabilities. If you use it let me know, I’d love to hear how it works out for you. If you want any new features or changes, I’d be happy to do that as well.
Here’s the link to get the script.
Following up on yesterdays post about my INTEL-SA-00213 detection script I’ve added some logging functionality. It’s rudimentary, but effective. Pass a valid -LogDir argument and it will generate a results.txt file. The file contains the hostname and output separated by a comma. The script uses Add-Content as well so this can be run from multiple hosts and the results will be appended to existing content.
I plan to make the output file customization via argument as well, and still need to tie this thing into SCCM. As it stands right now though version 2.0 or 2.2 could easily be used for a GPO startup script.
This is rapidly becoming more than just a utility script. I’ve never drilled this deep into parameters before and am learning quite a bit. It’ll be good to keep adding more functionality until I’ve got this thing well baked and I’ve learned as much as I can from it.
Anyway, if anyone is interested, here’s a link to the GitHub repository. I’m always looking for ideas and feedback!
Security Update Page
CSME Detection Tool
So CVE-2019-0090 / INTEL-SA-00213 looks rather ugly, especially given that there is no software fix available. So, I need to to see if any of my nodes are affected. To that end I’m putting together a quick and dirty PowerShell script to make scanning easier. As of now it can automatically download the Intel detection utility from the web from a custom HTTP(S) location or from SMB and then run it and report results.
In the next day or two I’m going to add the ability to log to a remote location and build out a SCCM package and hardware report.
For you you can pass the -DownloadFromWeb or -DownloadFromSMB arguments to tell the script how you’d like to obtain the file. You can also specity -WebURL and -SmbPath to tell the script to download from custom locations. By default the script will download the Intel utility directly from Intel. Stay tuned for updates.
If anyone is interested, here’s a link to the GitHub repository. I’m always looking for ideas and feedback!
Intel Advisory page
Intel security update page
Intel CSME Detection Tool