Microsoft is aware of the Intel Management Engine vulnerability (Intel-SA-00086). The Intel vulnerability detection tool currently lists Microsoft Surface devices as vulnerable to this security advisory.
Microsoft has investigated the issue and found the following:
- Remote exploit of this vulnerability requires Intel Active Management Technology (AMT). Current Surface devices do not allow remote connectivity to the ME because our devices do not run AMT.
- Local exploit of this vulnerability requires Direct Connect Interface (DCI) access via USB, which is not provided on Surface devices.
Because of this, we believe exploits using this vulnerability are significantly reduced on Surface devices. We care deeply about ensuring our devices are reliable and secure and are working with Intel to generate fixes for current devices, which we expect to release in the near future.