Fujitsu Technical Support pages from Fujitsu Indonesia

Product
Support

DOWNLOAD KERANJANG

DOWNLOAD

CONTACTS

PRODUCT SUPPORT

COMMUNITY & INFO

JAMINAN

MySupport

Important information - Javascript inactiv

	The current safety settings of your browser limit the execution of certain elements of this site. To offer the best possible support and to make the navigation on our site as convenient as possible for you it is mandatory to accept JavaScript in the settings of your browser. To receive a flawless presentation please follow these instructions.
	Mozilla Firefox
	In the address bar, type "about:config" (with no quotes), and press Enter. Click "I'll be careful, I promise" In the search bar, search for "javascript.enabled" (with no quotes). Right click or double click the result named "javascript.disabled" and change to "enabled". JavaScript is now enabled.

Intel Firmware vulnerability INTEL-SA-00086

Advisory note: Intel Q3’17 ME 11.x, SPS 4.0, and TXE 3.0 Security Review Cumulative Update

Reference: Intel security vulnerabilities (INTEL-SA-00086)

In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience.

As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted. Fujitsu and Intel highly recommend that all customers install updated firmware and Intel® Capability License Service on impacted platforms.

For more detailed information please refer to the Intel web site:
https://security-center.intel.com/

Affected Fujitsu products:

A number of Fujitsu products are affected by the vulnerabilities identified in above mentioned Intel firmware versions.

An overview can be found here:
List of affected systems.

Fujitsu strongly advises that all customers install updated firmware / BIOS and Intel® Capability License Service (iCLS) Client Software on impacted platforms. The update process and remediation steps are outlined below.

CVE Reference:

Intel® Manageability Engine Firmware 11.0.x.x/11.5.x.x/11.6.x.x/11.7.x.x/11.10.x.x/11.20.x.x

CVE Number	CVSS
CVE-2017-5705	CVSS 8.2
CVE-2017-5708	CVSS 7.5
CVE-2017-5711	CVSS 6.7
CVE-2017-5712	CVSS 7.2

Intel® Manageability Engine Firmware 8.x/9.x/10.x*

CVE Number	CVSS
CVE-2017-5711*	CVSS 6.7
CVE-2017-5712*	CVSS 7.2

*The two CVEs above were also resolved in earlier generations of Intel ME where certain subsystems share the same code base.

Intel® Server Platform Service 4.0.x.x

CVE Number	CVSS
CVE-2017-5706	CVSS 8.2
CVE-2017-5709	CVSS 7.5

Intel® Trusted Execution Engine 3.0.x.x

CVE Number	CVSS
CVE-2017-5707	CVSS 8.2
CVE-2017-5710	CVSS 7.5

Description:

Based on the items identified through a comprehensive security review, an attacker could gain unauthorized access to platforms, Intel® ME features, and third-party data protected by the Intel® Management Engine (ME), Intel® Server Platform Service (SPS), or Intel® Trusted Execution Engine (TXE).

This includes scenarios where a successful attacker could:

Impersonate the ME/SPS/TXE, thereby impacting the validity of local security features.
Load and execute arbitrary code outside the visibility of the user and operating system.
Cause a system crash or system instability.

Attention:

Due to the potential exposure of platform keys, Intel will re-provision new platform keys on impacted systems.
Revocation of existing platform keys on impacted systems is being targeted for the first half of 2018 in a coordinated effort with impacted third-party content & service providers.
Re-provisioning of platform keys on impacted systems should occur prior to the revocation to avoid potential interruptions in third-party services.

Recommended steps for remediation:

Step 1: Determine if you have an affected system with Intel® Management Engine (ME), Intel® Server Platform Service (SPS), or Intel® Trusted Execution Engine (TXE).

Consult the list of affected Fujitsu systems. This list is updated regularly.

Before proceeding, please check the expected availability of the firmware-/BIOS update package.

Step 2: Download and install the firmware-/BIOS update package (Fujitsu recommends using the BIOS update application in Windows, if available).

To install and download the BIOS or firmware update package, please go to Fujitsu support page and proceed with the following actions:

Select “Browse for Product”.
Select “product line”.
Select “product group” and “product family”.
Select “operating system”.
Download and install the latest firmware- / BIOS update package from the “Driver - AMT“ (LIFEBOOK models only) or “BIOS“ section

Step 3: (not applicable to PRIMERGY systems): Download the Intel Management Engine Driver package

To re-provision the security platform keys, the latest version (Version 1.47.715.0. or higher) of the Intel® Capability License Service (iCLS) Client software is required. The iCLS client software is a part of the Intel® MEI driver software installer package. The Intel Management Engine Driver version 11.7.0.1043 or higher must be installed to ensure the correct iCLS client software version.

To install and download the Intel Management Engine Driver package, please go to the Fujitsu support page and proceed with the following actions:

Select “Browse for Product”.
Select “product line”.
Select “product group” and “product family”.
Select “operating system”.
Download and install the latest Intel Management Engine Driver package from the “Driver - AMT“ section

Should you require any further information at this stage, please contact: G02D-psirt@fujitsu.com.