being owner of an Dell XPS 15 9530 and having read about the latest security vulnerability which describes "an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6" I really would appreciate getting a firmware update for my computer asap.
According to the article the corresponding information was sent to all hardware manufacturersbeforehand. See security-center.intel.com/advisory.aspx for reference.
Having several other DELL computers in our household Vostro 3549, Inspiron 5521, Inspiron 3531 as well, will you generally take on this as other models are affacted also?
None of your older systems have the vPro CPU so this doesn't apply to you.
Vostro 3549 release date 7/10/2014
Inspiron 15-3531 release date 5/28/2014
XPS 15-9530 release date 10/29/2013
Inspiron 15R-5521 release date 12/20/2012
* Open the White paper, then the PDF to see system list
How safe it is to use the Intel Driver Update utility? Will it suggest newer Intel drivers which are not checked by Dell? Mind there is a history of issues particularly with Intel HD video rivers (flicker etc). Unfortunately, latest official drivers at Dell support site were often not good, but the latest drivers from Intel were ocassionally not good either. The problem is that the recent Windows versions seem to force the latest official Dell driver version via Windows Update, and other driver versions get overdriven, unless using blocking with WUShowHide or such. Therefore it is important that Dell handles this.
I guess the issue is more widespread than what the above response suggests. Following the vPro detection instructions at: communities.intel.com/.../DOC-5693 I found the "Intel Management & Security Application User Notification Service" running on my XPS 15 9550. The ME option is present in BIOS, but I have not enabled it. I believe this makes the vulnerability exploitable locally - malware must firstly get into the system by other means, but if it does, no antivirus will be able to detect it and do away with it. AFAIK, the Management engine is present in every recent Intel processor since 2008. So it is extremely important for Dell to react.
In addition, I have the Intel 8260 wifi card, which supposedly supports vPro, making it susceptible for a remote exploit.
I would kindly ask you to specify which drivers are related and which versions are safe, particularly among:
- Intel(R) Management Engine Components Installer
- Intel® vPro™ Out of Band
- Wifi driver for Intel cards
Update: output of Intel-SA-00075 Discovery Tool says: the System is VULNERABLE
And that I should contact my OEM!!!!
Sorry copy/paste doesn't work for a full report
XPS 15 9550
ME version: 126.96.36.1992
State: Not Provisioned
Driver installation found: True
EHBC Enabled: False
LMS service state: Running
microLMS service state: NotPresent
Update 5/8, Dell released a PDF that shows which systems were effected. None of your systems are on the list.
Venue 11 Pro 7130