Advisory note: Intel Firmware vulnerability
In an advisory note on May 1 2017, Intel published security information about an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology.
Reference: INTEL-SA-00075 or CVE-2017-5689
The information below includes a description of the vulnerability and the recommended steps as advised by Intel and Fujitsu for affected product lines.
|Note on Fujitsu products:|
|FUJITSU Server PRIMERGY, FUJITSU Server PRIMEQUEST, FUJITSU Integrated System PRIMEFLEX, and FUJITSU Storage ETERNUS systems are not affected. For further details about Fujitsu portfolio products, please consult the list of affected Fujitsu systems.|
|There is an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products. This vulnerability does not exist on Intel-based consumer PCs.|
|Step 1: Determine if you have an Intel® AMT, Intel® SBA, or Intel® ISM capable system.|
|You can either:|
|1.||Consult the list of affected Fujitsu systems. This list provides an overview of Fujitsu affected systems introduced since 2012 and is updated regularly.|
|2.||Follow the guide provided by Intel: How To Find Intel® vPro™ Technology Based PCs.
If you determine that you do not have an Intel® AMT, Intel® SBA, or Intel® ISM capable system, then no further action is required.
|Step 2: Assess if your Intel® AMT, Intel® SBA, or Intel® ISM capable system has the impacted firmware|
|You can either:|
|1.||Consult the list of affected Fujitsu systems. This list provides with an overview of affected systems introduced since 2012 and is updated regularly.|
|2.||Utilize the Intel Detection Guide. Note: If your version is in the “Resolved Firmware” column then no further action is required.|
|Step 3: Download and install the firmware-/BIOS update package|
|Before proceeding, please check the expected availability of the firmware-/BIOS update package in the list of affected Fujitsu systems.
To install and download the firmware update package, please go to Fujitsu support page and proceed with the following actions:
|If a firmware update is not yet available, alternative mitigation options are provided in the INTEL-SA-00075 Mitigation Guide.|