Discover Affected Intel Processors Hit By Plundervolt.
Detect all computers which require a microcode update to protect them from the new Intel-SA-00289 vulnerability. This vulnerability could allow attackers to steal information being processed by the processor by taking control over CPU frequency and voltage controls. The Plundervolt audit below provides an overview of all assets that should be updated with a microcode update according to Intel’s advisory. It does this by listing Windows machines with affected processors and that have the Intel SGX Service running. For Linux and Mac it will just check for machines with an affected CPU. You can learn more about this vulnerability in our PlunderVolt blog post.
Intel PlunderVolt Vulnerability Audit Query
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tblProcessor.Name As CPU,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.SP,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tblProcessor On tblAssets.AssetID = tblProcessor.AssetID
Inner Join tblServices On tblAssets.AssetID = tblServices.AssetID
Inner Join tblServicesUni On tblServicesUni.ServiceuniqueID =
tblServices.ServiceuniqueID
Where (tblProcessor.Name Like '%i3-6___%' Or tblProcessor.Name Like '%i3-7___%'
Or tblProcessor.Name Like '%i3-8___%' Or tblProcessor.Name Like '%i3-9___%'
Or tblProcessor.Name Like '%i5-6___%' Or tblProcessor.Name Like '%i5-7___%'
Or tblProcessor.Name Like '%i5-8___%' Or tblProcessor.Name Like '%i5-9___%'
Or tblProcessor.Name Like '%i7-6___%' Or tblProcessor.Name Like '%i7-7___%'
Or tblProcessor.Name Like '%i7-8___%' Or tblProcessor.Name Like '%i7-9___%'
Or tblProcessor.Name Like '%i9-6___%' Or tblProcessor.Name Like '%i9-7___%'
Or tblProcessor.Name Like '%i9-8___%' Or tblProcessor.Name Like '%i9-9___%'
Or tblProcessor.Name Like '%G45__%' Or tblProcessor.Name Like '%G44__%' Or
tblProcessor.Name Like '%G39__%' Or tblProcessor.Name Like '%G46__%' Or
tblProcessor.Name Like '%G49__%' Or tblProcessor.Name Like '%G54__%' Or
tblProcessor.Name Like '%G55__%' Or tblProcessor.Name Like '%G56__%' Or
tblProcessor.Name Like '%Xeon%e3%v6%' Or
tblProcessor.Name Like '%Xeon%e3%v5%' Or tblProcessor.Name Like '%E-21__%'
Or tblProcessor.Name Like '%E-22__%') And tblState.Statename = 'Active' And
tblProcessor.Manufacturer Like '%Intel%' And tblServicesuni.Name = 'AESMService'
Union
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tblMacHwOverview.CPUType As CPU,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblMacOSInfo.SystemVersion As OS,
tblAssets.SP,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tblMacHwOverview On tblAssets.AssetID = tblMacHwOverview.AssetID
Inner Join tblMacOSInfo On tblAssets.AssetID = tblMacOSInfo.AssetID
Where (tblMacHwOverview.CPUType Like '%i3-6___%' Or
tblMacHwOverview.CPUType Like '%i3-7___%' Or tblMacHwOverview.CPUType Like
'%i3-8___%' Or tblMacHwOverview.CPUType Like '%i3-9___%' Or
tblMacHwOverview.CPUType Like '%i5-6___%' Or tblMacHwOverview.CPUType Like
'%i5-7___%' Or tblMacHwOverview.CPUType Like '%i5-8___%' Or
tblMacHwOverview.CPUType Like '%i5-9___%' Or tblMacHwOverview.CPUType Like
'%i7-6___%' Or tblMacHwOverview.CPUType Like '%i7-7___%' Or
tblMacHwOverview.CPUType Like '%i7-8___%' Or tblMacHwOverview.CPUType Like
'%i7-9___%' Or tblMacHwOverview.CPUType Like '%i9-6___%' Or
tblMacHwOverview.CPUType Like '%i9-7___%' Or tblMacHwOverview.CPUType Like
'%i9-8___%' Or tblMacHwOverview.CPUType Like '%i9-9___%' Or
tblMacHwOverview.CPUType Like '%G45__%' Or tblMacHwOverview.CPUType Like
'%G44__%' Or tblMacHwOverview.CPUType Like '%G39__%' Or
tblMacHwOverview.CPUType Like '%G46__%' Or tblMacHwOverview.CPUType Like
'%G49__%' Or tblMacHwOverview.CPUType Like '%G54__%' Or
tblMacHwOverview.CPUType Like '%G55__%' Or tblMacHwOverview.CPUType Like
'%G56__%' Or tblMacHwOverview.CPUType Like '%Xeon%e3%v6%' Or
tblMacHwOverview.CPUType Like '%Xeon%e3%v5%' Or
tblMacHwOverview.CPUType Like '%E-21__%' Or tblMacHwOverview.CPUType Like
'%E-22__%') And tblState.Statename = 'Active'
Union
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tblLinuxProcessors.Version As CPU,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblLinuxSystem.OSRelease As OS,
tblAssets.SP,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tblLinuxProcessors On
tblAssets.AssetID = tblLinuxProcessors.AssetID
Inner Join tblLinuxSystem On tblAssets.AssetID = tblLinuxSystem.AssetID
Where (tblLinuxProcessors.Version Like '%i3-6___%' Or
tblLinuxProcessors.Version Like '%i3-7___%' Or
tblLinuxProcessors.Version Like '%i3-8___%' Or
tblLinuxProcessors.Version Like '%i3-9___%' Or
tblLinuxProcessors.Version Like '%i5-6___%' Or
tblLinuxProcessors.Version Like '%i5-7___%' Or
tblLinuxProcessors.Version Like '%i5-8___%' Or
tblLinuxProcessors.Version Like '%i5-9___%' Or
tblLinuxProcessors.Version Like '%i7-6___%' Or
tblLinuxProcessors.Version Like '%i7-7___%' Or
tblLinuxProcessors.Version Like '%i7-8___%' Or
tblLinuxProcessors.Version Like '%i7-9___%' Or
tblLinuxProcessors.Version Like '%i9-6___%' Or
tblLinuxProcessors.Version Like '%i9-7___%' Or
tblLinuxProcessors.Version Like '%i9-8___%' Or
tblLinuxProcessors.Version Like '%i9-9___%' Or
tblLinuxProcessors.Version Like '%G45__%' Or tblLinuxProcessors.Version Like
'%G44__%' Or tblLinuxProcessors.Version Like '%G39__%' Or
tblLinuxProcessors.Version Like '%G46__%' Or tblLinuxProcessors.Version Like
'%G49__%' Or tblLinuxProcessors.Version Like '%G54__%' Or
tblLinuxProcessors.Version Like '%G55__%' Or tblLinuxProcessors.Version Like
'%G56__%' Or tblLinuxProcessors.Version Like '%Xeon%e3%v6%' Or
tblLinuxProcessors.Version Like '%Xeon%e3%v5%' Or
tblLinuxProcessors.Version Like '%E-21__%' Or
tblLinuxProcessors.Version Like '%E-22__%') And tblState.Statename =
'Active' And tblLinuxProcessors.Manufacturer Like '%Intel%'
Order By Domain,
AssetName
