URGENT - Intel Management Engine - critical security flaw

Intel® Management Engine Critical Firmware Update (Intel SA-00086)

Last Reviewed: 20-Nov-2017

Article ID: 000025619

Don't shoot the messenger.

Regardless, this needs to be sorted yesterday.

Do you understand how updates work?  That security advisory was originally released YESTERDAY, and it doesn't even indicate that INTEL has developed a fix for this yet.  That will probably take a while, especially because security-related code is typically harder to write correctly than "regular" code in order to avoid introducing new bugs.  And then AFTER Intel develops the fix, they have to provide it to OEMs like Dell and others so they can roll that fix into their own BIOS updates.  Then THOSE updates need to be tested internally to make sure nothing else breaks.  If you've been around these forums for a while, you may be aware that some recent BIOS updates have had some adverse side effects like destabilizing USB device connectivity through Dell docks or even wiping out a system's boot device list, rendering it unbootable.  Obviously customers would prefer that things like that don't happen.

Bottom line: The fact that a fix may be critically important to have does not automatically make it possible to deliver right away.  Even if every engineer that would have to be involved with this dropped everything else they were doing to work on this, it would STILL take some amount of time, certainly more than a day especially given that Dell can't do anything until Intel does.

Here Dell lists affected systems and says BIOS releases are now available for download from here.

We apologize for the inconvenience, but this service is temporarily unavailable. Please try again later. message for Dell statement about intel.

Here is the Dell statement (for client/consumer systems) on the matter. It will be updated as and when further information is available.

Yes, there is here.

Is there a similar response for the enterprise/server side of things?

My laptop Latitude E5470 was originally listed in the Dell statement but later on has been removed from the list. Running the Intel-SA-00086 Detection Tool it clearly states that my system is vulnerable.

Does this mean that Dell will not issue a fix for my laptop?

Hi etal,

I'm looking into why the E5470 was removed from the list and I'll provide an update as soon as I hear back.

I have a similar question.   The Latitude E6410 is not included on the Dell list of affected systems.   Does this mean it is not affected, or just that there is no plan for it to receive an update?   I ran the Intel SA-00086 detection tool, but the results were:  

Detection Error:  This system may be vulnerable.  

Why is Alienware 17 R3 not on the list, when R2 and R4 are on it, and it's a Skylake CPU?

The Intel tool says that my Alienware 17 R3 is affected.

Hi guys,

jburktx - The E6410 is not an affected system so isn't on the list.

etal, elprice7345 and HunterZ0 - I've requested an update from engineering as to why your systems don't appear on the list.

I'll post an update as soon as I can.

Thanks