
Product
Support
Support
2020.1 INTEL PLATFORM UPDATE (IPU)
Intel 2020.1 IPU covering Intel® CSME, SPS, TXE, AMT & DAL updates, Intel® Firmware (BIOS) updates, Intel® Processor Microcode (MCU) updates and Intel® SSD updates | ||||||||||||||||||||||
Fujitsu Communication | ||||||||||||||||||||||
| ||||||||||||||||||||||
Advisory Description | ||||||||||||||||||||||
INTEL-SA-00295: 2020.1 IPU – Intel® CSME, SPS, TXE, AMT & DAL Advisory | ||||||||||||||||||||||
Multiple potential security vulnerabilities in Intel® Converged Security and Management Engine (Intel® CSME), Server Platform Services (Intel® SPS), Trusted Execution Engine (Intel® TXE), Intel® Active Management Technology (Intel® AMT) and Intel® Dynamic Application Loader (Intel® DAL) may allow a denial of service, information disclosure or an escalation of privilege. The detailed description of the vulnerabilities with at least a high or critical CVSS base score is as follows:
The audience may please refer to further publications by manufacturer Intel® on the 2020.1 IPU – Intel® CSME, SPS, TXE, AMT & DAL Advisory (INTEL-SA-00295), such as the corresponding section addressing Intel® AMT, Intel® ISM, VU#257161 and Ripple20, for additional technical details about INTEL-SA-00295. | ||||||||||||||||||||||
Potential Impact: | ||||||||||||||||||||||
According to the information provided the potential impact of INTEL-SA-00295 is: Denial of Service, Information Disclosure, Privilege Escalation | ||||||||||||||||||||||
INTEL-SA-00322: 2020.1 IPU – Intel® Firmware (BIOS) Advisory | ||||||||||||||||||||||
Multiple potential security vulnerabilities in BIOS firmware for Intel® Processors may allow a denial of service and/or an escalation of privilege. The detailed description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:
| ||||||||||||||||||||||
Potential Impact: | ||||||||||||||||||||||
According to the information provided the potential impact of INTEL-SA-00322 is: Denial of Service, Privilege Escalation | ||||||||||||||||||||||
INTEL-SA-00320: 2020.1 IPU – Intel® Special Register Buffer Data Sampling (SRBDS) Advisory | ||||||||||||||||||||||
A potential security vulnerability in some Intel® Processors may allow information disclosure. The detailed description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:
The audience may please refer to further publications by manufacturer Intel® on the 2020.1 IPU – Intel® Special Register Buffer Data Sampling (SRBDS) Advisory, such as the corresponding article Deep Dive: Special Register Buffa Data Sampling, for additional technical details about SRBDS. | ||||||||||||||||||||||
Potential Impact: | ||||||||||||||||||||||
According to the information provided the potential impact of INTEL-SA-00320 is: Information Disclosure | ||||||||||||||||||||||
INTEL-SA-00329: 2020.1 IPU – Intel® Processors Data Leakage (PDL) Advisory | ||||||||||||||||||||||
Multiple potential security vulnerabilities in some Intel® Processors may allow information disclosure. The detailed description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:
The audience may please refer to further publications by manufacturer Intel® on the 2020.1 IPU – Intel® Processors Data Leakage (PDL) Advisory, for additional technical details about PDL. | ||||||||||||||||||||||
Potential Impact: | ||||||||||||||||||||||
According to the information provided the potential impact of INTEL-SA-00329 is: Information Disclosure | ||||||||||||||||||||||
2020.1 IPU – Intel® Processor Microcode (MCU) Updates | ||||||||||||||||||||||
Additionally, multiple functional updates took place in Intel® Processor Microcode (MCU), affecting server EX/EP products (incl. D, W, X) and referring to:
Higher rates of memory errors have been observed on Intel's Skylake (SKX SP) and Cascade Lake (CLX SP) based server platforms (code named Purley). Mitigations and workarounds are focused in the following area:
There were no additional CVEs assigned to these FUNCTIONAL updates. | ||||||||||||||||||||||
INTEL-SA-00266: 2020.1 IPU – Intel® SSD Advisory | ||||||||||||||||||||||
A potential security vulnerability in Intel® SSD (Solid State Drive) products may allow information disclosure. The detailed description of the vulnerabilities with at least a high or critical CVSS base score is as follows:
| ||||||||||||||||||||||
Potential Impact: | ||||||||||||||||||||||
According to the information provided the potential impact of INTEL-SA-00266 is: Information Disclosure | ||||||||||||||||||||||
CVE Reference (INTEL-SA-00295, INTEL-SA-00322, INTEL-SA-00320, INTEL-SA-00329, INTEL-SA-00266) | ||||||||||||||||||||||
INTEL-SA-00295: 2020.1 IPU – Intel® CSME, SPS, TXE, AMT & DAL Advisory | ||||||||||||||||||||||
The description of the vulnerabilities with at least a high or critical CVSS base score is as follows: | ||||||||||||||||||||||
| ||||||||||||||||||||||
INTEL-SA-00322: 2020.1 IPU – Intel® Firmware (BIOS) Advisory | ||||||||||||||||||||||
The description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows: | ||||||||||||||||||||||
| ||||||||||||||||||||||
INTEL-SA-00320: 2020.1 IPU – Intel® Special Register Buffer Data Sampling (SRBDS) Advisory | ||||||||||||||||||||||
The description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows: | ||||||||||||||||||||||
| ||||||||||||||||||||||
INTEL-SA-00329: 2020.1 IPU – Intel® Processors Data Leakage (PDL) Advisory | ||||||||||||||||||||||
The description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows: | ||||||||||||||||||||||
| ||||||||||||||||||||||
INTEL-SA-00266: 2020.1 IPU – Intel® SSD Advisory | ||||||||||||||||||||||
The description of the vulnerabilities with at least a high or critical CVSS base score is as follows: | ||||||||||||||||||||||
| ||||||||||||||||||||||
Links for Technical Details | ||||||||||||||||||||||
Technical details of the potential security vulnerabilities and functional issues are documented online:
| ||||||||||||||||||||||
Affection and Remediation | ||||||||||||||||||||||
Affected Fujitsu Products | ||||||||||||||||||||||
A number of Fujitsu products are affected by these vulnerabilities. Fujitsu is working to distribute patches for all affected products that are currently supported. Older systems that are no longer supported will not be patched. An overview of the affected Client Computing Devices (e.g. CELSIUS, ESPRIMO, FUTRO, LIFEBOOK, STYLISTIC) and Server products (PRIMERGY and PRIMEQUEST) can be found here: List of affected Fujitsu products (APL) This page will be updated regularly as soon as new information is available. Besides a list of affected systems, also more detailed advice will follow. NOTE: Intel® Security Advisories INTEL-SA-00330, INTEL-SA-00334 and INTEL-SA-00366 are not part of this 2020.1 Intel Platform Update (IPU). | ||||||||||||||||||||||
Recommended Steps for Remediation | ||||||||||||||||||||||
Remediation via BIOS Update | ||||||||||||||||||||||
Step 1: Determine whether you have an affected system. | ||||||||||||||||||||||
Refer to the list of affected Fujitsu products (APL). This list is updated regularly. Before proceeding, please check the expected availability of the relevant BIOS update package. | ||||||||||||||||||||||
Step 2: Download and install the BIOS update package. | ||||||||||||||||||||||
To download and install the BIOS update package, please go to the Fujitsu Technical Support page and follow these steps:
| ||||||||||||||||||||||
Remediation via Management Engine (ME) Update | ||||||||||||||||||||||
Updating the ME firmware is an alternative to updating the BIOS and used when a BIOS update is not planned. However, it may only be available for some specific Client Computing Devices. | ||||||||||||||||||||||
Step 1: Determine whether you have an affected system. | ||||||||||||||||||||||
Refer to the list of affected Fujitsu products (APL). This list is updated regularly. Before proceeding, please check the expected availability of the relevant ME update package. | ||||||||||||||||||||||
Step 2: Download the ME update package. | ||||||||||||||||||||||
To download the ME update package, please go to the Fujitsu Technical Support page and follow these steps:
| ||||||||||||||||||||||
Step 3: Preparation. | ||||||||||||||||||||||
After downloading the .zip file, containing the ME Firmware Update Pack, extract all files/directories/subdirectories in the Firmware.ME directory (\Firmware.ME) of the .zip file to the desired directory on the hard drive. | ||||||||||||||||||||||
Step 4: ME Update Procedure. | ||||||||||||||||||||||
The "Firmware.ME" directory contains the ME update files which can be used in Windows environment. Run "update.bat" in Windows cmd environment with administrative privileges to start the ME flash procedure. Please choose 32-bit or 64-bit directory if using a Windows 32-bit or a Windows 64-bit installation. | ||||||||||||||||||||||
Hints:
| ||||||||||||||||||||||
Links for Software Security Updates | ||||||||||||||||||||||
Vendor Fujitsu support.ts.fujitsu.com | ||||||||||||||||||||||
Vendor Intel security-center.intel.com/ | ||||||||||||||||||||||
Further Information | ||||||||||||||||||||||
Contact Details | ||||||||||||||||||||||
Should you require any further security-related assistance, please contact: G02D-PSIRT@ts.fujitsu.com. | ||||||||||||||||||||||
Legal Statement | ||||||||||||||||||||||
Fujitsu does not manufacture the affected microprocessors, that Fujitsu buys from third party suppliers and integrates into its products. Therefore, this communication is based on the information and recommendations Fujitsu has received from the third party suppliers of the affected microprocessors. Fujitsu does not warrant that this communication is applicable or complete for all customers and all situations. Fujitsu recommends that customers determine the applicability of this communication to their individual situation and take appropriate measures. Fujitsu is not liable for any damages or other negative effects, resulting from customers’ use of this communication. All details of this communication are provided "as is" without any warranty or guarantee. Fujitsu reserves the right to change or update this communication at any time. Websites of other companies referred to in this communication are the sole responsibility of such other companies. Fujitsu does not assume any liability with respect to any information and materials provided by its suppliers, including on such websites. Designations may be protected by trademarks and/or copyrights of Fujitsu or the respective owners, the use of which by third parties for their own purposes may infringe the rights of such owners. |