2020.2 INTEL PLATFORM UPDATE (IPU)
Intel 2020.2 IPU covering Intel® CSME, SPS, TXE, AMT, ISM & DAL updates, Intel® Firmware (BIOS) updates, Intel® Processor Microcode (MCU) updates
Fujitsu Communication
Original release: November 10, 2020
Advisory Description
INTEL-SA-00391:2020.2 IPU – Intel® CSME, SPS, TXE, AMT, ISM & DAL Advisory
Multiple potential security vulnerabilities in Intel® Converged Security and Management Engine (Intel® CSME), Server Platform Services (Intel® SPS), Trusted Execution Engine (Intel® TXE), Intel® Active Management Technology (Intel® AMT) (including Intel® Standard Manageability (ISM)) and Intel® Dynamic Application Loader (Intel® DAL) may allow a denial of service, information disclosure or an escalation of privilege. The detailed description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:
CVE-2020-8752: Out-of-bounds write in IPv6 subsystem for Intel® AMT, Intel® ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.
CVE-2020-8753: Out-of-bounds read in DHCP subsystem for Intel® AMT, Intel® ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.
CVE-2020-12297: Improper access control in Installer for Intel® CSME Driver for Windows versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel® TXE 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.
CVE-2020-8745: Insufficient control flow management in subsystem for Intel® CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel® TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
CVE-2020-8744: Improper initialization in subsystem for Intel® CSME versions before 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel® TXE versions before 4.0.30 Intel® SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2020-8705: Insecure default initialization of resource in Intel® Boot Guard in Intel® CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel® TXE versions before 3.1.80 and 4.0.30, Intel® SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access.
CVE-2020-8750: Use after free in Kernel Mode Driver for Intel® TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-12303: Use after free in DAL subsystem for Intel® CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel® TXE 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access.
CVE-2020-8757: Out-of-bounds read in subsystem for Intel® AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2020-8756: Improper input validation in subsystem for Intel® CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2020-8760: Integer overflow in subsystem for Intel® AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2020-12355: Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel® TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
CVE-2020-8751: Insufficient control flow management in subsystem for Intel® CSME versions before 11.8.80, Intel® TXE versions before 3.1.80 may allow an unauthenticated user to potentially enable information disclosure via physical access.
CVE-2020-8754: Out-of-bounds read in subsystem for Intel® AMT, Intel® ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.
CVE-2020-8761: Inadequate encryption strength in subsystem for Intel® CSME versions before 13.0.40 and 13.30.10 may allow an unauthenticated user to potentially enable information disclosure via physical access.
CVE-2020-8747: Out-of-bounds read in subsystem for Intel® AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.
CVE-2020-8755: Race condition in subsystem for Intel® CSME versions before 12.0.70 and 14.0.45, Intel® SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
CVE-2020-12356: Out-of-bounds read in subsystem in Intel® AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access.
CVE-2020-8746: Integer overflow in subsystem for Intel® AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2020-8749: Out-of-bounds read in subsystem for Intel® AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
Vulnerabilities described in CVE-2020-12304 and CVE-2020-12354 address Intel® DAL SDK and Intel® AMT SDK respectively. Mitigation is at the discretion of the end user. The Intel® AMT SDK is available for download at Intel.
Potential Impact:
According to the information provided the potential impact of INTEL-SA-00391 is:
Denial of Service, Information Disclosure, Privilege Escalation
INTEL-SA-00358: 2020.2 IPU – Intel® Firmware (BIOS) Advisory
Multiple potential security vulnerabilities in BIOS firmware for Intel® Processors may allow a denial of service and/or an escalation of privilege. The detailed description of the vulnerabilities with at least a low, medium, high or critical CVSS base score is as follows:
CVE-2020-0590: Improper input validation in BIOS firmware for some Intel® Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2020-0587: Improper conditions check in BIOS firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2020-0591: Improper buffer restrictions in BIOS firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2020-0593: Improper buffer restrictions in BIOS firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2020-0588: Improper conditions check in BIOS firmware for some Intel® Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2020-0592: Out of bounds write in BIOS firmware for some Intel® Processors may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access.
Potential Impact:According to the information provided the potential impact of INTEL-SA-00358 is:
Denial of Service, Privilege Escalation
INTEL-SA-00381: 2020.2 IPU – Intel® Fast forward Store Predictor (FFSP) and Vector Register Leakage-Active (VRLA) Advisory
Multiple potential security vulnerabilities in some Intel® Processors may allow information disclosure. The detailed description of the vulnerabilities with at least a low, medium, high or critical CVSS base score is as follows:
CVE-2020-8698: Improper isolation of shared resources in some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access (FFSP).
CVE-2020-8696: Improper removal of sensitive information before storage or transfer in some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access (VRLA).
The audience may please refer to further publications by manufacturer Intel® on the 2020.2 IPU – Intel® Fast forward Store Predictor (FFSP) and Vector Register Leakage-Active (VRLA) Advisory, such as the corresponding article IPAS: Security Advisories for November 2020, for additional technical details about FFSP and VRLA.
Potential Impact:According to the information provided the potential impact of INTEL-SA-00381 is:
Information Disclosure
INTEL-SA-00389: 2020.2 IPU – Intel® Running Average Power Limit (RAPL) Advisory
Multiple potential security vulnerabilities in the Intel® Running Average Power Limit (RAPL) interface may allow information disclosure. The detailed description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:
CVE-2020-8694: Insufficient access control in the Linux kernel driver for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2020-8695: Observable discrepancy in the RAPL interface for some Intel® Processors may allow a privileged user to potentially enable information disclosure via local access.
The audience may please refer to further publications by manufacturer Intel® on the 2020.2 IPU – Intel® Running Average Power Limit (RAPL) Advisory, such as the corresponding article IPAS: Security Advisories for November 2020, for additional technical details about RAPL. The Running Average Power Limit (RAPL) issue may also be widely known as PLATYPUS.
Potential Impact:According to the information provided the potential impact of INTEL-SA-00389 is:
Information Disclosure
2020.2 IPU – Intel® Processor Microcode (MCU) and Intel® Firmware (BIOS) Functional Updates
Additionally, multiple functional updates took place in Intel® Processor Microcode (MCU), affecting products / architectures CLX, SKX, CFL, CFL-S, Grantley HSX EP C0, SKL, KBL, WHL, AML, ICL and LKF, referring to:
CLX MOB Speedpath: CLX has a speedpath that can cause unpredictable system behavior. This speedpath has only been observed to manifest at high frequency (e.g. >=3.6GHz) but may impact lower frequencies as well. (CLX)
IRR Restore with RS throttle (ITR #2): Lost interrupt during RS throttling. (SKX, CLX)
CFL-S Display PLL: Display PLL settings change. (CFL, CFL-S)
Incorrect Data Returned when Reading Per DIMM Temperatures on Server Haswell-EP Processor: Issue observed when reading per-DIMM temperatures through the PECI command after patch 0x43 (2019.1 IPU). (Grantley-HSX EP C0)
MD_Clear Errata: On processors that enumerate the MD_CLEAR CPUID bit, the VERW instruction may not clear all buffers under certain conditions. (SKX, CLX, SKL, KBL, CFL (including Xeon E3), WHL, AML)
SSBD may not properly restrict load execution: Under certain microarchitectural conditions, loads may execute speculatively before the addresses of all older stores are known, even when IA32_SPEC_CTRL.SSBD=1, or when in SMM or SGX. (ICL, LKF)
Additionally, multiple functional updates took place in BIOS and CSME/SPS, which were updated on some SKU’s to address their sightings, affecting products / architectures CLX, SKX, SKX-D, Xeon E Mehlow, CFL, ICL client, SKL client, referring to:
CLX/AEP Dropped Write: The issue applies to CLX/AEP and can be seen on channels that have a DDR4 DIMM and DDRT DIMM. (CLX)
Multiple fixes and enhancements: Rank-switching Speedpath , Multiple VLS, eMCA legacy issues: Adv. Mem Test, PPR, Patrol Scrub and other changes. (SKX, CLX)
Intel® Xeon® E Mehlow/CFL Platform Memory/Boot Issue: Customer systems configured with MRC v100 may fail to boot during cold boot. Reports indicate the failure is due to MRC RTL (Round Trip Latency) training failures. (Xeon E Mehlow, CFL)
SKX-D PCH SATA Issue: SKX-D SATA Lanes May Not Get Calibrated Correctly. (SKX-D)
Reducing Susceptibility to Rowhammer style attacks on DDR4: Added BIOS options for low watermark and 2x refresh to client and server CPUs. Added option to enable pTRR for client SKL based CPUs. (SKX, CLX & ICL client (Watermark, 2X), Client SKL family (Watermark, 2X, pTRR))
There were no additional CVEs assigned to these FUNCTIONAL updates.
CVE Reference(INTEL-SA-00391, INTEL-SA-00358, INTEL-SA-00381, INTEL-SA-00389)
INTEL-SA-00391: 2020.2 IPU – Intel® CSME, SPS, TXE, AMT, ISM & DAL AdvisoryThe description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:
CVE Number | CVSS Base Score |
---|---|
CVE-2020-8752 | 9.4 (Critical) |
CVE-2020-8753 | 8.2 (High) |
CVE-2020-12297 | 8.2 (High) |
CVE-2020-8745 | 7.3 (High) |
CVE-2020-8744 | 7.2 (High) |
CVE-2020-8705 | 7.1 (High) |
CVE-2020-8750 | 7.0 (High) |
CVE-2020-12303 | 7.0 (High) |
CVE-2020-8757 | 6.3 (Medium) |
CVE-2020-8756 | 6.3 (Medium) |
CVE-2020-8760 | 6.0 (Medium) |
CVE-2020-12355 | 5.3 (Medium) |
CVE-2020-8751 | 5.3 (Medium) |
CVE-2020-8754 | 5.3 (Medium) |
CVE-2020-8761 | 4.9 (Medium) |
CVE-2020-8747 | 4.8 (Medium) |
CVE-2020-8755 | 4.6 (Medium) |
CVE-2020-12356 | 4.4 (Medium) |
CVE-2020-8746 | 4.3 (Medium) |
CVE-2020-8749 | 4.2 (Medium) |
INTEL-SA-00358: 2020.2 IPU – Intel® Firmware (BIOS) Advisory
The description of the vulnerabilities with at least a low, medium, high or critical CVSS base score is as follows:
CVE Number | CVSS Base Score |
---|---|
7.7 (High) | |
6.7 (Medium) | |
6.7 (Medium) | |
4.7 (Medium) | |
3.8 (Low) | |
3.0 (Low) |
INTEL-SA-00381: 2020.2 IPU – Intel® Fast forward Store Predictor (FFSP) and Vector Register Leakage-Active (VRLA) Advisory
The description of the vulnerabilities with at least a low, medium, high or critical CVSS base score is as follows:
CVE Number | CVSS Base Score |
---|---|
CVE-2020-8698 | 5.5 (Medium) |
CVE-2020-8696 | 2.5 (Low) |
INTEL-SA-00389: 2020.2 IPU – Intel® Running Average Power Limit (RAPL) Advisory
The description of the vulnerabilities with at least a medium, high or critical CVSS base score is as follows:
CVE Number | CVSS Base Score |
---|---|
CVE-2020-8694 | 5.6 (Medium) |
CVE-2020-8695 | 5.3 (Medium) |
Links for Technical Details
Technical details of the potential security vulnerabilities and functional issues are documented online:
Affected Fujitsu Products
A number of Fujitsu products are affected by these vulnerabilities. Fujitsu is working to distribute patches for all affected products that are currently supported. Older systems that are no longer supported will not be patched.
An overview of the affected Client Computing Devices (e.g. CELSIUS, ESPRIMO, FUTRO, LIFEBOOK, STYLISTIC) can be found here:
This page will be updated regularly as soon as new information is available. Besides a list of affected systems, also more detailed advice will follow.
Affected Fujitsu products are listed below. For detailed information on the Fujitsu-approved remedy, please refer to the official 2020.2 INTEL PLATFORM UPDATE (IPU), as well as to the official Intel® security advisories (INTEL-SA-00391, INTEL-SA-00358, INTEL-SA-00381 and INTEL-SA-00389).
LIFEBOOK
Model Name | New Bios ( with Fix ) | Bios Release date | NEW FIXED DRIVER | DRIVER Release date |
---|---|---|---|---|
List of LIFEBOOK AH556-UMA | t.b.d | t.b.d | Intel(R) Management Engine Interface Driver (Win10) 2035.15.0.1821 | t.b.d. |
List of LIFEBOOK AH556-VGA | t.b.d | t.b.d | Intel(R) Management Engine Interface Driver (Win10) 2035.15.0.1821 | t.b.d. |
LIFEBOOK AH557 | t.b.d | t.b.d | Intel(R) Management Engine Interface Driver (Win10) 2031.15.0.1743 | t.b.d. |
LIFEBOOK E448 / E458 | V1.19 | t.b.d | Intel(R) Management Engine Interface Driver (Win10) 2035.15.0.1821 | available |
LIFEBOOK E449 / E459 | V1.07 | t.b.d | Intel(R) Management Engine Interface Driver (Win10) 2031.15.0.1743 | available |
LIFEBOOK E549 | V2.17 | t.b.d | Intel(R) Management Engine Firmware Version 12.0 Corporate SKU Update (Win10) 12.0.70.1652
| t.b.d.
|
LIFEBOOK E556/E546(Non-Vpro) | V1.33 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d available available |
LIFEBOOK E556/E546(Vpro) | V1.25 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d available available |
LIFEBOOK E557/E547(Non-Vpro) | V1.17 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d.
|
LIFEBOOK E557/E547(Vpro) | V1.21 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d.
|
LIFEBOOK E558/E548 | V1.20 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d.
|
LIFEBOOK E559 | V2.17 | t.b.d | Intel(R) Management Engine Firmware Version 12.0 Corporate SKU Update (Win10) 12.0.70.1652
| t.b.d.
|
LIFEBOOK E736/E746/E756 (Non-Vpro) | V1.38 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d available available |
LIFEBOOK E736/E746/E756 (Vpro) | V1.29 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d available available |
LIFEBOOK E5410 | -/- | -/- | Intel(R) Management Engine Firmware Version 14.0 Corporate SKU Update (Win10) 14.0.45.1389
| t.b.d.
|
4LIFEBOOK E5510 | -/- | -/- | Intel(R) Management Engine Firmware Version 14.0 Corporate SKU Update (Win10) 14.0.45.1389
| t.b.d.
|
LIFEBOOK P727 | V1.21 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d.
|
LIFEBOOK P728 | V1.17 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d.
|
LIFEBOOK S936 | V1.24 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746 Intel(R) Active Management Technology Driver (Win10) 2035.15.0.1821 | t.b.d.
|
LIFEBOOK S937 | V1.15 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d.
|
LIFEBOOK S938 | V1.17 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d.
|
LIFEBOOK T726 | V1.22 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d t.b.d.
|
LIFEBOOK T936 | V1.22 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746 Intel(R) Active Management Technology Driver (Win10) 2035.15.0.1821 | t.b.d.
|
LIFEBOOK T937 | V1.21 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d.
|
LIFEBOOK T938 | V1.16 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d.
|
LIFEBOOK U727/U747/U757 | V1.27 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d.
|
LIFEBOOK U727/U747/U757(6th gen.) | V1.16 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d.
|
LIFEBOOK U728/U748/U758 | V1.23 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d.
|
LIFEBOOK U729/U749/U759 | V2.21 | t.b.d | Intel(R) Management Engine Firmware Version 12.0 Corporate SKU Update (Win10) 12.0.70.1652
| t.b.d.
|
LIFEBOOK U729X | V2.13 | t.b.d | Intel(R) Management Engine Firmware Version 12.0 Corporate SKU Update (Win10) 12.0.70.1652
| t.b.d.
|
LIFEBOOK U7310 | --- | --- | Intel(R) Management Engine Firmware Version 14.0 Corporate SKU Update (Win10) 14.0.45.1389
| t.b.d.
|
LIFEBOOK U7410 | --- | --- | Intel(R) Management Engine Firmware Version 14.0 Corporate SKU Update (Win10) 14.0.45.1389
| t.b.d.
|
LIFEBOOK U7510 | --- | --- | Intel(R) Management Engine Firmware Version 14.0 Corporate SKU Update (Win10) 14.0.45.1389
| t.b.d.
|
LIFEBOOK U937 | V1.21 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d.
|
LIFEBOOK U938 | V1.24 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d.
|
LIFEBOOK U939 ( W/ALT) | V2.14 | t.b.d | Intel(R) Management Engine Firmware Version 12.0 Corporate SKU Update (Win10) 12.0.70.1652
| t.b.d.
|
LIFEBOOK U939 ( W/TBT) | V2.15 | t.b.d | Intel(R) Management Engine Firmware Version 12.0 Corporate SKU Update (Win10) 12.0.70.1652
| t.b.d.
|
LIFEBOOK U939X ( W/ALT) | V2.15 | t.b.d | Intel(R) Management Engine Firmware Version 12.0 Corporate SKU Update (Win10) 12.0.70.1652
| t.b.d.
|
LIFEBOOK U939X ( W/TBT) | V2.18 | V2.18 | Intel(R) Management Engine Firmware Version 12.0 Corporate SKU Update (Win10) 12.0.70.1652 Intel(R) Active Management Technology Driver (Win10) 2031.15.0.1743 | t.b.d.
|
LIFEBOOK U9310 | --- | --- | Intel(R) Management Engine Firmware Version 14.0 Corporate SKU Update (Win10) 14.0.45.1389
| t.b.d.
|
LIFEBOOK U9310X | --- | --- | Intel(R) Management Engine Firmware Version 14.0 Corporate SKU Update (Win10) 14.0.45.1389
| t.b.d.
|
STYLISTIC
Model Name | New Bios ( with Fix ) | Bios Release date | NEW FIXED DRIVER | DRIVER Release date |
---|---|---|---|---|
STYLISTIC Q509 | V1.26 | t.b.d | Intel(R) Trusted Execution Engine Interface Driver (Win10) 1924.4.0.1062v3 | t.b.d |
STYLISTIC Q616 | V1.20 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d
|
STYLISTIC Q736 | V1.20 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d
|
STYLISTIC Q737 | V1.20 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d
|
STYLISTIC Q738 | V1.13 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746 Intel(R) Active Management Technology Driver (Win10) 2035.15.0.1821 | t.b.d
|
STYLISTIC Q739 | V2.13 | t.b.d | Intel(R) Management Engine Firmware Version 12.0 Corporate SKU Update (Win10) 12.0.70.1652
| t.b.d
|
STYLISTIC R726(Non-Vpro) | t.b.d | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d
|
STYLISTIC R726(Vpro) | t.b.d |
t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d
|
CELSIUS (Mobile)
Model Name | New Bios ( with Fix ) | Bios Release date | NEW FIXED DRIVER | DRIVER Release date |
---|---|---|---|---|
CELSIUS H760 | V1.31 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746 Intel(R) Active Management Technology Driver (Win10) 2035.15.0.1821 | t.b.d.
|
CELSIUS H770 | V1.21 | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746
| t.b.d.
|
CELSIUS H780 | t.b.d | t.b.d | Intel(R) Management Engine Firmware Version 12.0 Corporate SKU Update (Win10) 12.0.70.1652
| t.b.d.
|
CELSIUS H970 | t.b.d | t.b.d | Intel(R) Management Engine Firmware Version 11.8 Corporate SKU Update (Win10) 11.8.80.3746 Intel(R) Active Management Technology Driver (Win10) 2035.15.0.1821[ 2020/11/17 ] | t.b.d.
|
*1: Dates are subject to change
*2: Please apply mentioned version or newer version.
*3. cw: calendar week / TBD : to be defined
CELSIUS (WorkStation) | List of affected Fujitsu products (APL) Please refer to the following site.
|
---|---|
ESPRIMO (Desktop) | |
FUTRO (Thin-Client) |
This page will be updated regularly as soon as new information is available. Besides a list of affected systems, also more detailed advice will follow. https://support.ts.fujitsu.com/content/Fujitsu-PSIRT-PMS-IS-2020-061817.asp?lng=COM
NOTE:
Intel® Security Advisory INTEL-SA-00404 is not officially part of this 2020.2 Intel Platform Update (IPU). However, certain updates were issued along with the 2020.1 Intel Platform Update (IPU) and some will be provided along with updates for this 2020.2 Intel Platform Update (IPU).
Intel® Security Advisory INTEL-SA-00356 is not officially part of this 2020.2 Intel Platform Update (IPU). However, updates will also be provided along with updates for this 2020.2 Intel Platform Update (IPU), except for non-affected CVE-2020-8671.
Intel® Security Advisory INTEL-SA-00403 is not officially part of this 2020.2 Intel Platform Update (IPU). However, updates will also be provided in the same period as the updates for this 2020.2 Intel Platform Update (IPU).
Intel® Security Advisories INTEL-SA-00439, INTEL-SA-00431, INTEL-SA-00430, INTEL-SA-00429, INTEL-SA-00424, INTEL-SA-00405 and INTEL-SA-00347 are not part of this 2020.2 Intel Platform Update (IPU). Further, Fujitsu is not affected by any of these Intel® Security Advisories.
Recommended Steps for Remediation
Remediation via BIOS Update
Step 1: Determine whether you have an affected system.
Refer to the https://www.fujitsu.com/hk/support/products/computing/pc/ap/ . This list is updated regularly.
Before proceeding, please check the expected availability of the relevant BIOS update package.
Step 2: Download and install the BIOS update package.
To download and install the BIOS update package, please go to the http://www.fujitsu-pc-asia.com/driversupport/selectioninterface/selection.html and follow these steps:
- Select "Product Type " (button)
- Select "Series "
- Select "Model and OS "
- Select " BIOS ".
- Download and install the latest BIOS update package
Remediation via Management Engine (ME) Update
Updating the ME firmware is an alternative to updating the BIOS and used when a BIOS update is not planned. However, it may only be available for some specific Client Computing Devices.
Step 1: Determine whether you have an affected system.
Refer to the https://www.fujitsu.com/hk/support/products/computing/pc/ap/ . This list is updated regularly.
Before proceeding, please check the expected availability of the relevant ME update package.
Step 2: Download and install the BIOS update package.
To download and install the BIOS update package, please go to the http://www.fujitsu-pc-asia.com/driversupport/selectioninterface/selection.html and follow these steps:
- Select "Product Type t" (button)
- Select "Series "
- Select "Model and OS "
- Select " BIOS ".
- Download and install the latest ME Firmware package
Step 3: Preparation.
After downloading the .zip file, containing the ME Firmware Update Pack, extract all files/directories/subdirectories
in the Firmware.ME directory (\Firmware.ME) of the .zip file to the desired directory on the hard drive.
Step 4:ME Update Procedure.
The "Firmware.ME" directory contains the ME update files which can be used in Windows environment. Run "update.bat"
in Windows cmd environment with administrative privileges to start the ME flash procedure. Please choose 32-bit or 64-bit
directory if using a Windows 32-bit or a Windows 64-bit installation.
Hints:
- To run the ME Update procedure using a Windows installation, it is necessary to have the Windows "HECI" driver installed. Please use the Intel(R) Active Management Technology Driver package for Windows.
- To run the ME update procedure, using a Windows PE installation, it is necessary to have the Windows "HECI" driver installed. This can be done at runtime by executing "drvload.exe \HECI.INF". The "HECI" driver can be extracted from the Intel® Active Management Technology (Intel® AMT) Driver Package for Windows.
Links for Software Security Updates
Vendor Fujitsu
LIFEBOOK : http://www.fujitsu-pc-asia.com/driversupport/selectioninterface/selection.html
CELSIUS (WorkStation)/ESPRIMO (Desktop)/FUTRO (Thin-Client) :http://support.ts.fujitsu.com
Vendor Intel
https://security-center.intel.com/
Further Information
Contact Details
Should you require any further security-related assistance, please contact: fpca-hk.cs@hk.fujitsu.com
Legal Statement
Fujitsu does not manufacture the affected microprocessors, that Fujitsu buys from third party suppliers and integrates into its products. Therefore, this communication is based on the information and recommendations Fujitsu has received from the third party suppliers of the affected microprocessors.
Fujitsu does not warrant that this communication is applicable or complete for all customers and all situations. Fujitsu recommends that customers determine the applicability of this communication to their individual situation and take appropriate measures. Fujitsu is not liable for any damages or other negative effects, resulting from customers’ use of this communication. All details of this communication are provided "as is" without any warranty or guarantee. Fujitsu reserves the right to change or update this communication at any time.
Websites of other companies referred to in this communication are the sole responsibility of such other companies. Fujitsu does not assume any liability with respect to any information and materials provided by its suppliers, including on such websites.
Designations may be protected by trademarks and/or copyrights of Fujitsu or the respective owners, the use of which by third parties for their own purposes may infringe the rights of such owners.