Highlighted
asdfpoui
1 Nickel

URGENT - Intel Management Engine - critical security flaw

Jump to solution

Intel has major security flaws in the Management Engine. You need to read the Intel emergency memo from a few hours ago. In the memo, Intel links a tool to check if your system is vulnerable. Right now neither Dell nor Intel has posted updated software to remedy this critical issue for the XPS 9560 or 9550.

https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

0 Kudos
18 Replies
asdfpoui
1 Nickel

RE: URGENT - Intel Management Engine - critical security flaw

Jump to solution

Intel® Management Engine Critical Firmware Update (Intel SA-00086)

Last Reviewed: 20-Nov-2017

Article ID: 000025619

0 Kudos
jphughan
5 Rhenium

RE: URGENT - Intel Management Engine - critical security flaw

Jump to solution

Do you understand how updates work?  That security advisory was originally released YESTERDAY, and it doesn't even indicate that INTEL has developed a fix for this yet.  That will probably take a while, especially because security-related code is typically harder to write correctly than "regular" code in order to avoid introducing new bugs.  And then AFTER Intel develops the fix, they have to provide it to OEMs like Dell and others so they can roll that fix into their own BIOS updates.  Then THOSE updates need to be tested internally to make sure nothing else breaks.  If you've been around these forums for a while, you may be aware that some recent BIOS updates have had some adverse side effects like destabilizing USB device connectivity through Dell docks or even wiping out a system's boot device list, rendering it unbootable.  Obviously customers would prefer that things like that don't happen.

Bottom line: The fact that a fix may be critically important to have does not automatically make it possible to deliver right away.  Even if every engineer that would have to be involved with this dropped everything else they were doing to work on this, it would STILL take some amount of time, certainly more than a day especially given that Dell can't do anything until Intel does.

0 Kudos
asdfpoui
1 Nickel

RE: URGENT - Intel Management Engine - critical security flaw

Jump to solution

Don't shoot the messenger.

Regardless, this needs to be sorted yesterday.

0 Kudos
jphughan
5 Rhenium

RE: URGENT - Intel Management Engine - critical security flaw

Jump to solution

Lol, ok then.  Well if this is how you feel about security vulnerabilities that Intel has acknowledged and is committing to fix, then I can't wait to see your reaction to the other news that broke about Intel Management Engine last week, which they might NOT fix because "it's not a security vulnerability, it's a feature": thenextweb.com/.../

jgcchmsuser
1 Copper

RE: URGENT - Intel Management Engine - critical security flaw

Jump to solution

Here Dell lists affected systems and says BIOS releases are now available for download from here.

0 Kudos
Humbirdz
2 Iron

RE: URGENT - Intel Management Engine - critical security flaw

Jump to solution

We apologize for the inconvenience, but this service is temporarily unavailable. Please try again later. message for Dell statement about intel.

0 Kudos
Moderator
Moderator

RE: URGENT - Intel Management Engine - critical security flaw

Jump to solution

Here is the Dell statement (for client/consumer systems) on the matter. It will be updated as and when further information is available.


DELL-Alasdair R
Social Media Support
#IWork4Dell
I'm based in the UK and I'm usually available Monday to Friday 10am-5pm GMT (BST)
Get Support on Twitter @DellCaresPro


0 Kudos
SFMIC
1 Copper

RE: URGENT - Intel Management Engine - critical security flaw

Jump to solution

Is there a similar response for the enterprise/server side of things?

0 Kudos
Moderator
Moderator

RE: URGENT - Intel Management Engine - critical security flaw

Jump to solution

Yes, there is here.


DELL-Alasdair R
Social Media Support
#IWork4Dell
I'm based in the UK and I'm usually available Monday to Friday 10am-5pm GMT (BST)
Get Support on Twitter @DellCaresPro


0 Kudos