Intel® Firmware vulnerability INTEL-SA-00086
The information below includes a description of the vulnerability and details the steps recommended by Intel® and Fujitsu that users should take to remediate affected products.
Vulnerability Summary:
In response to issues identified by external researchers, Intel® has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience.
As a result, Intel® has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted. Fujitsu and Intel® highly recommend that all customers install updated firmware and Intel® Capability License Service on impacted platforms.
Details about the vulnerability:
A vulnerability could allow an attacker to perform the following attacks:
- Impersonate the ME/SPS/TXE, thereby impacting the validity of local security features.
- Load and execute arbitrary code outside the visibility of the user and operating system.
- Cause a system crash or system instability.
For more detailed information, and the Intel® CSME Version Detection Tool, please refer to
Recommended steps:
- It is necessary to update the BIOS or firmware, and Intel® driver software.
- Consult the list of affected Fujitsu systems for the timing of BIOS, firmware and driver availability.
-
To download the respective updates for your system, please go to the Fujitsu Support page and perform the following steps:
- Select Product.
- Select Series.
- Select Model.
- Press Go.
- Download and install the latest BIOS update package.
Affected Products:
A number of Fujitsu products are affected by these vulnerabilities. Fujitsu is working to distribute patches for all affected products that are currently supported. Older systems that are no longer supported will not be patched.