Unsolved
This post is more than 5 years old
3 Posts
0
1553
April 29th, 2019 16:00
790 SFF, Intel SA-00086 vulnerability
Hi,
I have just run Intel's SA-00086 Detection Tool, and it says my 790 SFF is vulnerable to the vulnerability.
Will Dell be releasing an updated BIOS for this 2011 system? I looked on Dell's support page for this vulnerability but the 790 is not listed?
No Events found!
speedstep
11 Legend
•
47K Posts
0
April 30th, 2019 04:00
Dell has released several.
HOWEVER depending on how old the bios is you may have to update in stages. You cant jump from A00 to A22 in one giant leap.
This package contains the BIOS update for Dell OptiPlex 790 that runs Windows and DOS operating systems. BIOS is a firmware that is embedded on a small memory chip on the computer's system board. It controls the keyboard, monitor, disk drives and other devices. This package contains the update for CPU microcode to address Intel Security Advisory INTEL-SA-00115 (CVE-2018-3639 and CVE-2018-3640).More details
This package provides the BIOS update for Dell OptiPlex 790 running in the following Operating Systems: Windows and DOS.More details
This package provides the BIOS update for Dell OptiPlex 790 running in the following Operating Systems: Windows and DOS.More details
This package provides the BIOS update for Dell OptiPlex 790 running in the following Operating Systems: Windows and DOS.More details
This package provides the BIOS Update on OptiPlex 790 that is running on following Operating Systems: Windows & DOS.More details
OptiPlex 790 System BIOSMore details
OptiPlex 790 System BIOSMore details
OptiPlex 790 System BIOSMore details
OptiPlex 790 System BIOSMore details
OptiPlex 790 System BIOSMore details
This package provides the Dell System BIOS update and is supported on Dell OptiPlex 790 systems running Windows and DOS operating systems. This update fixes the issue where Dell Diagnostics does not detect the thermal sensor.More details
OptiPlex 790 System BIOSMore details
OptiPlex 790 System BIOSMore details
OptiPlex 790 System BIOSMore details
OptiPlex 790 System BIOSMore details
OptiPlex 790 System BIOSMore details
Spud74
3 Posts
0
May 7th, 2019 03:00
Thanks,
I am already on the latest A22 BIOS and it is vulnerable to the SA-00086 vulnerability, as shown in the results of the SA-00086 detection tool's result in the 1st post.
Hopefully Dell are still working on these vulnerabilities and they will release further updates to these vulnerabilities.
Spud74
3 Posts
0
May 7th, 2019 07:00
Thanks, but upon looking through the list of fixes issued on that document, sandy Bridge proccesors are supposedly fixed with fixes in production, but mine apparently hasn't been?
I know your not employed by Dell, and I thank you for your help, but seems strange Dell claim one thing and not deliver on it....
Cheers
speedstep
11 Legend
•
47K Posts
0
May 7th, 2019 07:00
790's are over 10 years old.
Its not likely there will be any more fixes for an end of life, end of support system.
Intel has also stated that there will be no further mitigations for older processors and chipsets.
Including no fix for
.
Penryn/QC
Intel® Core™2 Extreme Processor X9000, X9100
Intel® Core™2 Quad Processor Q9000, Q9100
Intel® Core™2 Duo Processor T6400, T6500, T6670, T8100,
T8300, T9300, T9400, T9500, T9550, T9600, T9800,
T9900, SU9300, SU9400, SU9600, SP9300, SP9400,
SP9600, SL9380, SL9400, SL9600, SL9300, P7350, P7370,
P7450, P7550, P7570, P8400, P8600, P8700, P8800,
P9500, P9600, P9700
Intel® Core™2 Solo Processor SU3500, ULV SU3500
Wolfdale
Intel® Core™ 2 Duo Processor E7200, E7300, E8190, E8200, E8300, E8400, E8500
Intel® Core™ 2 Duo Processor E7400, E7500, E8400,E8500, E8600
Intel® Pentium® Processor E5200, E5300, E5400, E5500, E5700, E5800, E6300, E6500, E6500K, E6600, E6700, E6800
Intel® Celeron® Processor E3200, E3300, E3400, E3500
https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf
There are several reasons that Intel mentions in the documentation and which it says were decisive for not addressing Meltdown and Spectre design flaws in some of the impacted products:
• Micro-architectural characteristics that preclude a practical implementation of features mitigating Variant 2 (CVE-2017-5715)
• Limited Commercially Available System Software support
• Based on customer inputs, most of these products are implemented as “closed systems” and therefore are expected to have a lower likelihood of exposure to these vulnerabilities.
In other words, Intel says that it will not continue developing new microcode updates to address Meltdown and Spectre.
speedstep
11 Legend
•
47K Posts
0
May 7th, 2019 07:00
Versions of the INTEL-SA-00086 Detection Tool earlier than 1.0.0.146 did not check for CVE-2017-5711 and CVE-2017-5712. These CVEs only affect systems with Intel® Active Management Technology (Intel® AMT) version 8.x-10.x. Users of systems with Intel AMT 8.x-10.x are encouraged to install version 1.0.0.146, or later. Installing this version helps to verify the status of their system with regard to the INTEL-SA-00086 Security Advisory. You can check the version of the INTEL-SA-00086 Detection Tool by running the tool and looking for the version information in the output window.
speedstep
11 Legend
•
47K Posts
0
May 7th, 2019 07:00
SA 0086 describes issues related to security vulnerabilities found in the Intel® Management Engine Firmware.
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00086.html
Intel Q3’17 ME 6.x/7.x/8.x/9.x/10.x/11.x, SPS 4.0, and TXE 3.0
Physical access is required to exploit a vulnerability see the FAQ section listed in the Intel Customer Support article http://www.intel.com/sa-00086-support
The 790 is listed as using Intel® AMT v7.0
OptiPlex 790 Owner's Manual (Mini-Tower) PDF
OptiPlex 790 Owner's Manual (Desktop) PDF
OptiPlex 790 Owner's Manual (Small Form Factor) PDF
OptiPlex 790 Owner's Manual (Ultra Small Form Factor) PDF
OptiPlex 790 System Board Mode Configuration PDF