Highlighted
bjson
Bronze

General: BIOS updates due to Intel AMT IME vulnerability

Dear Support-Team,

being owner of an Dell XPS 15 9530 and having read about the latest security vulnerability which describes "an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6" I really would appreciate getting a firmware update for my computer asap.

According to the article the corresponding information was sent to all hardware manufacturersbeforehand. See security-center.intel.com/advisory.aspx for reference.

Having several other DELL computers in our household Vostro 3549, Inspiron 5521, Inspiron 3531 as well, will you generally take on this as other models are affacted also?

Kind regards,

Bjoern

5 Replies
Moderator
Moderator

RE: General: BIOS updates due to Intel AMT IME vulnerability

None of your older systems have the vPro CPU so this doesn't apply to you.
Vostro 3549 release date 7/10/2014
Inspiron 15-3531 release date 5/28/2014
XPS 15-9530 release date 10/29/2013
Inspiron 15R-5521 release date 12/20/2012

* Dell Client Statement on Intel AMT Advisory (INTEL-SA-00075)

* Open the White paper, then the PDF to see system list


Social Media Support
#IWork4Dell
To help us troubleshoot, send us via a private message:
Dell Monitor Service Tag number, 20 digit S/N, A0x revision
Dell PC Service Tag number

Drivers and Downloads
Driver order




0 Kudos

RE: General: BIOS updates due to Intel AMT IME vulnerability

How safe it is to use the Intel Driver Update utility? Will it suggest newer Intel drivers which are not checked by Dell? Mind there is a history of issues particularly with Intel HD video rivers (flicker etc). Unfortunately, latest official drivers at Dell support site were often not good, but the latest drivers from Intel were ocassionally not good either. The problem is that the recent Windows versions seem to force the latest official Dell driver version via Windows Update, and other driver versions get overdriven, unless using blocking with WUShowHide or such. Therefore it is important that Dell handles this.

I guess the issue is more widespread than what the above response suggests. Following the vPro detection instructions at: communities.intel.com/.../DOC-5693 I found the "Intel Management & Security Application User Notification Service" running on my XPS 15 9550. The ME option is present in BIOS, but I have not enabled it. I believe this makes the vulnerability exploitable locally - malware must firstly get into the system by other means, but if it does, no antivirus will be able to detect it and do away with it. AFAIK, the Management engine is present in every recent Intel processor since 2008. So it is extremely important for Dell to react.

In addition, I have the Intel 8260 wifi card, which supposedly supports vPro, making it susceptible for a remote exploit.

I would kindly ask you to specify which drivers are related and which versions are safe, particularly among:

- BIOS

- Intel(R) Management Engine Components Installer

 www.dell.com/.../DriversDetails

- Intel® vPro™ Out of Band

 www.dell.com/.../DriversDetails

- Wifi driver for Intel cards

 www.dell.com/.../DriversDetails

RE: General: BIOS updates due to Intel AMT IME vulnerability

Update: output of Intel-SA-00075 Discovery Tool says: the System is VULNERABLE

And that I should contact my OEM!!!!

Sorry copy/paste doesn't work for a full report

XPS 15 9550

ME version: 11.0.18.1002

SKU: Consumer

State: Not Provisioned

Driver installation found: True

EHBC Enabled: False

LMS service state: Running

microLMS service state: NotPresent

Moderator
Moderator

RE: General: BIOS updates due to Intel AMT IME vulnerability

We are not going to address those systems you have because they are not on the list. I have used the Intel utility on all of my systems. I trust it. Let it install the drivers it needs.


Social Media Support
#IWork4Dell
To help us troubleshoot, send us via a private message:
Dell Monitor Service Tag number, 20 digit S/N, A0x revision
Dell PC Service Tag number

Drivers and Downloads
Driver order




0 Kudos
Moderator
Moderator

RE: General: BIOS updates due to Intel AMT IME vulnerability

Update 5/8, Dell released a PDF that shows which systems were effected. None of your systems are on the list.

OptiPlex
780/790/990/XE2/5040/5050/5250/7010/7040/7050/7440AIO/7450/9010AIO/9010/9020 AIO/9020M/9020/9030

Latitude 5175/5179/5280/5285/5289/5404/5414/5480/5580/7140/7202/7204/7214/7275/7280/7350/7370/7380/7404/7414/7480/XT3
E4240/E4310/E5250/E5270/E5430/E5440/E5450/E5470/E5530/E5540/E5550/E5570/E6220/E6320/E6230/E6330/E6410/E6410ATG/E6420/E6420ATG/E6420XFR/E6430ATG/E6430S/E6430U/E6440/E6440ATG/E6510/E6520/E6530/E6540/E7240/E7250/E7270/E7450/E7470

Precision
3510/3520/3620/3420/5510/5720AIO/5520/7510/7520/7710/7720

T1600/T1650/T1700/T3600/T3600XL/T3610/T5600/T5600XL/T5610/T5810/R7610/T7600/T7610/T7810/T7910
M2800/M4500/M4600/M4700/M4800/M6600/M6700/M6800

XPS
9343/9350/9360/9365

Wyse 7040

Venue 11 Pro 7130


Social Media Support
#IWork4Dell
To help us troubleshoot, send us via a private message:
Dell Monitor Service Tag number, 20 digit S/N, A0x revision
Dell PC Service Tag number

Drivers and Downloads
Driver order




0 Kudos