Skip to main content

Fujitsu

Français

Canada

Archived content

NOTE: this is an archived page and the content is likely to be out of date.

Advisory note: Intel Firmware vulnerability

Intel published security information about an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology.

Reference: INTEL-SA-00075Open a new window or CVE-2017-5689Open a new window

The information below includes a description of the vulnerability and the recommended steps as advised by Intel and Fujitsu America, Inc. (FAI) for affected product lines.

Summary

There is an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products. This vulnerability does not exist on Intel-based consumer PCs.

Applies to

FUJITSU LIFEBOOK®, STYLISTIC® , ESPRIMO®, and CELSIUS® models with firmware supporting Intel® vPro™

Recommended steps

Step 1: Determine if you have an Intel® AMT, Intel® SBA, or Intel® ISM capable system.
You can either:

  1. Consult the list of affected Fujitsu systems.
    • LIFEBOOK and STYLISTIC products:
      This list provides an overview of Fujitsu affected systems introduced in North America since 2012 for which Fujitsu intends to provide firmware updates. Please reference this model list specifically for LIFEBOOK and STYLISTIC mobile products.
      Download the list (109 KB)
    • ESPRIMO and CELSIUS products:
      This list provides an overview of Fujitsu affected systems introduced in North America since 2012 for which Fujitsu intends to provide firmware updates. Please reference this model list specifically for ESPRIMO and CELSIUS desktop and workstation products only.
      Download the listOpen a new window
  2. Follow the guide provided by Intel: How To Find Intel® vPro™ Technology Based PCsOpen a new window.
    If you determine that you do not have an Intel® AMT, Intel® SBA, or Intel® ISM capable system, then no further action is required.

Step 2: Assess if your Intel® AMT, Intel® SBA, or Intel® ISM capable system has the impacted firmware.
Utilize the Intel Detection GuideOpen a new window.
If your system is determined to be “Vulnerable”, the system manageability firmware needs to be updated.

Step 3: Download and install the UPDATED firmware update package.
To install and download the firmware update package, please go to the Fujitsu America support pageOpen a new window and proceed with the following actions:

  1. For LIFEBOOK and STYLISTIC mobile products, BIOS and firmware updates will be made available on the Fujitsu America support site, for Fujitsu products released from 2012 to present, in June 2017, and will be posted as they are released.

    To install and download the firmware update package for LIFEBOOK and STYLISTIC mobile products, please go to the FAI support page and proceed with the following actions:
    • Select “Product”.
    • Select “Series”.
    • Select “Model”.
    • Select “Go”.
    • Select BIOS/FW update package.
    • Download the BIOS/FW package and execute on your system.
    • Reconfirm as needed that the vulnerability risk has been successfully mitigated by utilizing the Intel Detection GuideOpen a new window.
  2. To install and download the firmware update package for ESPRIMO and CELSIUS desktop products, please go to the FTS support page and proceed with the following actions:
    • Select your “Product Line”.
    • Select your “Product Group” and “Product Family”.
    • Select your Operating System.
    • Download and install the latest firmware update package (Firmware versions that resolve the issue have a four digit build number that starts with a “3” (X.X.XX.3XXX) Ex: 8.1.71.3608.) in the “AMT” section.

If a firmware update is not yet available, alternative mitigation options are provided in the INTEL-SA-00075 Mitigation GuideOpen a new window.

Fujitsu America, Inc. also recommends that these mitigation options be reviewed and considered for older models (pre 2012) as applicable.