Advisory note: Intel Q3'17 ME 11.x, SPS 4.0, and TXE 3.0 Security Review Cumulative Update
Reference: Intel security vulnerabilities (INTEL-SA-00086)
In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience.

As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted. ASRock and Intel highly recommend that all customers install updated firmware and Intel® Capability License Service on impacted platforms.

For more detailed information please refer to the Intel web site:
https://security-center.intel.com/
Affected ASRock Products:
Intel 300 series
ASRock provides the BIOS for customers to update the ME firmware.
Please refer to the download link for ASRock 300 series motherboards:
http://www.asrock.com/support/index.asp?Model=Z370

Intel 100 and 200 series
ASRock provides the firmware package for customers to update the ME firmware.
There are 2 kinds of ME packages.
If your model is Intel 100/200 series but not in the following list, please download package ME1.
ME1

If your model is Q170 series or in the following list, please download package ME2.
ME2



B150 Combo
B150 Gaming K4
B150 Gaming K4_D3
B150M Combo-G
B150M Pro4
B150M Pro4S
B150M Pro4V
B150M Pro4_D3
B150M Pro4_Hyper
B150M-HDV
B150M-HDV_D3
B150M-ITX
B150M-PIO
B150M-PIO2
H170 Combo
H170 Pro4_D3
H170 Combo
H170 Pro4_D3
H170 Pro4
H170 Pro4S
H170 Performance_D3
H170 Performance_ Hyper
H170 Pro4_Hyper
H170M Pro4
H170M-ITX_ac
H170M-ITX_DL
B150M Pro4S_D3
B150M-ITX_D3
H170 Performance
H170M Pro4S


Steps to update Intel ME:
Windows:
Step1: Please double-click UPDATEME64 to execute the program.

Step2: The system will run the program.

Step3: After finishing the update, the command prompt window will close automatically.

Please restart the system and then the ME firmware update is completed.




DOS:
Pre-install: Please have a DOS bootable USB flash drive ready. For help to how to create one please visit:
https://www.howtogeek.com/136987/how-to-create-a-bootable-dos-usb-drive/
Copy the files of the DOS firmware package to the root of the USB drive.
Step1: Please press [F11] during bootup to enter to the boot menu and boot from the USB drive.
Step2: The system will enter DOS environment.

Step3: At the command prompt please enter "updateme" to start the program.

Step4: After the message showing the update is complete, please restart the system. Then the ME firmware update is completed.