Product
Support
PASTA DE DOWNLOAD

Intel Firmware vulnerability INTEL-SA-00075 or CVE-2017-5689

Advisory note: Intel Firmware vulnerability

In an advisory note on May 1 2017, Intel published security information about an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology.

Reference: INTEL-SA-00075 or CVE-2017-5689

The information below includes a description of the vulnerability and the recommended steps as advised by Intel and Fujitsu for affected product lines.
Note on Fujitsu products:
FUJITSU Server PRIMERGY, FUJITSU Server PRIMEQUEST, FUJITSU Integrated System PRIMEFLEX, and FUJITSU Storage ETERNUS systems are not affected. For further details about Fujitsu portfolio products, please consult the list of affected Fujitsu systems.

Summary:
There is an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products. This vulnerability does not exist on Intel-based consumer PCs.

Description:
  • An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel® Active Management Technology (AMT) and Intel® Standard Manageability (ISM).
  • An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology (SBT).
Recommended steps:
Step 1: Determine if you have an Intel® AMT, Intel® SBA, or Intel® ISM capable system.
You can either:
1. Consult the list of affected Fujitsu systems. This list provides an overview of Fujitsu affected systems introduced since 2012 and is updated regularly.
2. Follow the guide provided by Intel: How To Find Intel® vPro™ Technology Based PCs.
If you determine that you do not have an Intel® AMT, Intel® SBA, or Intel® ISM capable system, then no further action is required.
Step 2: Assess if your Intel® AMT, Intel® SBA, or Intel® ISM capable system has the impacted firmware
You can either:
1. Consult the list of affected Fujitsu systems. This list provides with an overview of affected systems introduced since 2012 and is updated regularly.
2. Utilize the Intel Detection Guide. Note: If your version is in the “Resolved Firmware” column then no further action is required.
Step 3: Download and install the firmware-/BIOS update package
Before proceeding, please check the expected availability of the firmware-/BIOS update package in the list of affected Fujitsu systems.
To install and download the firmware update package, please go to Fujitsu support page and proceed with the following actions:
  • Select “Browse For Product”.
  • Select your “product line”.
  • Select your “product group” and “product family”.
  • Select your operating system.
  • Download and install the latest firmware-/BIOS update package from the „AMT“/„BIOS“ section (Firmware versions that resolve the issue have a four digit build number that starts with a “3” (X.X.XX.3XXX) Ex: 8.1.71.3608.).
If a firmware update is not yet available, alternative mitigation options are provided in the INTEL-SA-00075 Mitigation Guide.
Por favor seleccione o produto 
Por favor seleccione o produto