Unsolved
1 Message
1
726
November 22nd, 2022 05:00
Security Updates for Intel Management Engine
Dear Dell staff,
My XPS 13 9360 is feeling well after 5 years of use and wants to go for another period. But I'm concerned because the firmware must be secure, and providing BIOS updates including security fixes for the Intel Management Engine (CSME) by Dell stopped earlier this year.
According to this page no update is planned:
https://www.dell.com/support/kbdoc/en-us/000205135/dsa-2022-312-dell-client-security-update-for-intel-november-2022-3-ipu-vulnerabilities?lwp=rt
Could you please help your customers a little – outside of the official support, which ended for all selled devices of this product (or offer extended support limited to security fixes)?
IMO you could do this easily, as it only means forwarding the pieces from Intel, which they provide to manufacturers only and not me as end consumer. It works. I could successfully update to the current firmware, so that the CSME Version Detection Tool reports:
Version: 11.8.93.4323
Status: DISCOVERY_NOT_VULNERABLE_PATCHED
This is the procedure to update the firmware for Intel Management Engine - provided that you know how, done in 5 minutes
1) Figure out the correct packages and parameters from https://winraid.level1techs.com/t/intel-converged-security-management-engine-drivers-firmware-and-tools-2-15/30719
2) Get and extract the current firmware package behind the link "CSME 11.8 Corporate LP C NPDM", file "CSME 11.8 COR LP C NPDM v11.8.93.4323.rar"
3) Execute this command:
FWUpdLcl64.exe -F ME_11.8_Corporate_C0_LP_Production.bin -OEMID 68853622-EED3-4E83-8A86-6CDE315F6B78
I'd be really happy to perform this with official sources provided by Dell as manufacturer (assets are there – Intel is actively supporting) instead of grabbing somewhere from the net. This is very little effort from your side, and as all warranties ended for those old models, risk is on customer's side anyway. I don't care, because I wouldn't use the laptop for important work with vulnerable firmware anyway, so an (unlikely) accident on updating wouldn't render anything worse.
Would that be possible?
Kind regards
laptopper
0 events found