BIOS A26, does not fix CVE

Question

Dear support, I have installed the bios update a26 in our organization.  this bios update should solve the vulnerability Microprocessor Side-Channel Vulnerabilities (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754). but unfortunately after the bios update this is not resolved. I have checked this with powershell by running the following script. # Set-ExecutionPolicy RemoteSigned -Scope CurrentuserImport-Module c: \ ps \ SpeculationControl.psd1Get-SpeculationControlSettings according to dell should fix the vulnerabilty after this bios update, but with the 7010 this is not the case. It says behind 'hardware support'. see powershell screenshot. Does anyone have a solution to this problem, since the is now vulnerable.     from: http://www.dell.com/support/article/nl/nl/nldhs1/sln308587/microprocessor-side-channel-vulnerabilities--cve-2017-5715--cve-2017-5753--cve-2017-5754---impact-on-dell-products?lang=en Patch Guidance: There are two essential components that need to be applied to mitigate the above-mentioned vulnerabilities: Apply the firmware update via BIOS update listed below, see the table in Dell Consumer and Commercial Client Products Affected section below. Apply the applicable operating system patch, see the OS Patch Guidance section below.

letouzey · Answer

Similarly, I deployed bios update A27 on some Optiplex 9010 here (file O9010A27.exe). The details given by Dell for this update claim : 'Update to the latest CPU microcode to address CVE-2017-5715' (one of the Spectre vulnerability). But after installation, the processor microcode has version 0x1c (a microcode released in 2015). So I can't see how this could be a fix for Spectre. NB: this bios update also (or only?) upgrades the ME (Intel infamous Management Engine) to solve various bugs in it, but that's unrelated to Spectre. Pierre Letouzey, University Paris Diderot PS: For now there's still no bios update available for Optiplex 3010 and 3030 AIO, the two other kinds of machines we have here in our teaching lab.

Srele · Answer

I have the same problem on my 7010.

letouzey · Answer

Update : the description of BIOS A27 for Optiplex 9010 has been updated (on 16 jan 2018), removing any mention of CVE-2017-5715 (Spectre) anymore, leaving only fixes related to Intel ME.   P. Letouzey

Optiplex Desktops

Was this post helpful?