Intel Firmware vulnerability (INTEL-SA-00086)
Advisory note: Intel Q3’17 ME 11.x, SPS 4.0, and TXE 3.0 Security Review Cumulative Update
Reference: Intel security vulnerabilities(INTEL-SA-00086)
In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience.
As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted. Fujitsu and Intel highly recommend that all customers install updated firmware and Intel® Capability License Service on impacted platforms.
For more detailed information please refer to the Intel web site:
https://security-center.intel.com/
Affected Fujitsu products:
A number of Fujitsu products are affected by the vulnerabilities identified in above mentioned Intel firmware versions.
Fujitsu strongly advises that all customers install updated firmware / BIOS and Intel® Capability License Service (iCLS) Client Software on impacted platforms. The update process and remediation steps are outlined below.
An overview of Fujitsu affected products can be found here:
Model Name | Updated
BIOS Version | Updated
ME Version | Release Date | Updated Driver Version | Release Date |
---|---|---|---|---|---|
LIFEBOOK AH556 (UMA) | V1.23 | - | Already released | V11.7.0.1043(Win10 64bit, Win8.1 64bit, Win7 64bit)
V11.7.0.1052(Win7 32bit) | End of Dec. |
LIFEBOOK AH556 (AMD) | V1.23 | - | Already released | V11.7.0.1043(Win10 64bit, Win8.1 64bit, Win7 64bit)
V11.7.0.1052(Win7 32bit) | End of Dec. |
LIFEBOOK AH557 (UMA) | V1.13 | - | Already released | V11.7.0.1043(Win10 64bit) | End of Dec. |
LIFEBOOK AH557 (AMD) | V1.13 | - | Already released | V11.7.0.1043(Win10 64bit) | End of Dec. |
LIFEBOOK E546/E556 (VPro) | V1.18 | - | Already released | V11.7.0.1043(Win10 64bit, Win8.1 64bit, Win7 64bit)
V11.7.0.1052(Win7 32bit) | End of Dec. |
LIFEBOOK E546/E556 (non-VPro) | V1.25 | - | Already released | V11.7.0.1043(Win10 64bit, Win8.1 64bit, Win7 64bit)
V11.7.0.1052(Win7 32bit) | End of Dec. |
LIFEBOOK E547/E557 (VPro) | V1.13 | - | Already released | V11.7.0.1043(Win10 64bit) | End of Dec. |
LIFEBOOK E547/E557 (non-VPro) | V1.09 | - | Already released | V11.7.0.1043(Win10 64bit) | End of Dec. |
LIFEBOOK E733/E743/E753 (VPro) |
- | V8.1.71.3608 | End of Dec. | TBD | TBD |
LIFEBOOK E734/E744/E754 (VPro) | - | V9.1.41.3024 | End of Dec. | TBD | TBD |
LIFEBOOK E734/E744/E754 (non-VPro) | - | V9.1.41.3024 | End of Dec. | TBD | TBD |
LIFEBOOK E736/E746/E756 (VPro) | V1.21 | - | Already released | V11.7.0.1043(Win10 64bit, Win8.1 64bit, Win7 64bit)
V11.7.0.1052(Win7 32bit) | End of Dec. |
LIFEBOOK E736/E746/E756 (non-VPro) | V1.27 | - | Already released | V11.7.0.1043(Win10 64bit, Win8.1 64bit, Win7 64bit)
V11.7.0.1052(Win7 32bit) | End of Dec. |
LIFEBOOK E752/E782 | - | V8.1.71.3608 | End of Dec. | TBD | TBD |
LIFEBOOK P727 | V1.12 | - | Already released | V11.7.0.1043(Win10 64bit) | End of Dec. |
LIFEBOOK P772 | - | V8.1.71.3608 | End of Dec. | TBD | TBD |
LIFEBOOK S752/S782 | - | V8.1.71.3608 | End of Dec. | TBD | TBD |
LIFEBOOK S762/S792 | - | V8.1.71.3608 | End of Dec. | TBD | TBD |
LIFEBOOK S904 | - | V9.1.41.3024 | End of Dec. | TBD | TBD |
LIFEBOOK S935 | - | V10.0.55.3000 | End of Dec. | TBD | TBD |
LIFEBOOK S936 | V1.18 | - | Already released | V11.7.0.1043(Win10 64bit, Win8.1 64bit, Win7 64bit)
V11.7.0.1052(Win7 32bit) | End of Dec. |
LIFEBOOK S937 | V1.07 | - | Already released | V11.7.0.1043(Win10 64bit) | End of Dec. |
LIFEBOOK T725 | - | V10.0.55.3000 | End of Dec. | TBD | TBD |
LIFEBOOK T726 | V1.15 | - | Already released | V11.7.0.1043(Win10 64bit, Win8.1 64bit, Win7 64bit)
V11.7.0.1052(Win7 32bit) | End of Dec. |
LIFEBOOK T732 | - | V8.1.71.3608 | End of Dec. | TBD | TBD |
LIFEBOOK T734 | - | V9.1.41.3024 | End of Dec. | TBD | TBD |
LIFEBOOK T902 | - | V8.1.71.3608 | End of Dec. | TBD | TBD |
LIFEBOOK T904 | - | V9.1.41.3024 | End of Dec. | TBD | TBD |
LIFEBOOK T935 | - | V10.0.55.3000 | End of Dec. | TBD | TBD |
LIFEBOOK T936 | V1.14 | - | Already released | V11.7.0.1043(Win10 64bit, Win8.1 64bit, Win7 64bit)
V11.7.0.1052(Win7 32bit) | End of Dec. |
LIFEBOOK T937 | V1.13 | - | Already released | V11.7.0.1043(Win10 64bit) | End of Dec. |
LIFEBOOK U536 | V1.17 | - | Already released | V11.7.0.1043(Win10 64bit, Win8.1 64bit, Win7 64bit)
V11.7.0.1052(Win7 32bit) | End of Dec. |
LIFEBOOK U537 | V1.10 | - | Already released | V11.7.0.1043(Win10 64bit) | End of Dec. |
LIFEBOOK U727 | V1.18 | - | Already released | V11.7.0.1043(Win10 64bit) | End of Dec. |
LIFEBOOK U727 (6th Gen.) | V1.06 | - | Already released | V11.7.0.1043(Win10 64bit, Win7 64bit) | End of Dec. |
LIFEBOOK U745 | - | V10.0.55.3000 | End of Dec. | TBD | TBD |
LIFEBOOK U747/U757 | V1.18 | - | Already released | V11.7.0.1043(Win10 64bit) | End of Dec. |
LIFEBOOK U747/U757 (6th Gen.) | V1.06 | - | Already released | V11.7.0.1043(Win10 64bit, Win7 64bit) | End of Dec. |
LIFEBOOK U937 | V1.10 | - | Already released | V11.7.0.1043(Win10 64bit) | End of Dec. |
Model Name | Updated
BIOS Version | Updated
ME Version | Release Date | Updated Driver Version | Release Date |
---|---|---|---|---|---|
STYLISTIC Q616 | V1.12 | - | Already released | V11.7.0.1043(Win10 64bit, Win8.1 64bit, Win7 64bit)
V11.7.0.1052(Win7 32bit) | End of Dec. |
STYLISTIC Q665 | - | V10.0.55.3000 | End of Dec. | TBD | TBD |
STYLISTIC Q702 | - | V8.1.71.3608 | End of Dec. | TBD | TBD |
STYLISTIC Q704 | - | V9.1.41.3024 | End of Dec. | TBD | TBD |
STYLISTIC Q736 | V1.15 | - | Already released | V11.7.0.1043(Win10 64bit, Win8.1 64bit, Win7 64bit)
V11.7.0.1052(Win7 32bit) | End of Dec. |
STYLISTIC Q737 | V1.11 | - | Mid. of Dec | V11.7.0.1043(Win10 64bit) | End of Dec. |
STYLISTIC Q775 | - | V10.0.55.3000 | End of Dec. | TBD | TBD |
STYLISTIC R726
(VPro) | V1.17 | - | TBD | V11.7.0.1043(Win10 64bit, Win8.1 64bit) | End of Dec. |
STYLISTIC R726
(non-VPro) | V1.18 | - | TBD | V11.7.0.1043(Win10 64bit, Win8.1 64bit) | End of Dec. |
Model Name | Updated
BIOS Version | Updated
ME Version | Release Date | Updated Driver Version | Release Date |
---|---|---|---|---|---|
CELSIUS H730 | - | V9.1.41.3024 | End of Dec. | TBD | TBD |
CELSIUS H760 | V1.21 | - | Already released | V11.7.0.1043(Win10 64bit, Win8.1 64bit, Win7 64bit) | End of Dec. |
CELSIUS H770 | V1.10 | - | Already released | V11.7.0.1043(Win10 64bit) | End of Dec. |
CELSIUS H970 | V1.11 | - | Already released | V11.7.0.1043(Win10 64bit) | End of Dec. |
*1: Dates are subject to change
*2: Please apply mentioned version or newer version.
CELSIUS (WorkStation) | Please refer to the following site. http://support.ts.fujitsu.com/content/intel_firmware_SA86.asp |
---|---|
ESPRIMO (Desktop) |
Description:
Based on the items identified through a comprehensive security review, an attacker could gain unauthorized access to platforms, Intel® ME features, and third-party data protected by the Intel® Management Engine (ME), Intel® Server Platform Service (SPS), or Intel® Trusted Execution Engine (TXE).
This includes scenarios where a successful attacker could:
- Impersonate the ME/SPS/TXE, thereby impacting the validity of local security features.
- Load and execute arbitrary code outside the visibility of the user and operating system.
- Cause a system crash or instability.
Attention:
- Due to the potential exposure of platform keys, Intel will re-provision new platform keys on impacted systems.
- Revocation of existing platform keys on impacted systems is being targeted for the first half of 2018 in a coordinated effort with impacted third-party content & service providers.
- Re-provisioning of platform keys on impacted systems should occur prior to the revocation to avoid potential interruptions in third-party services.
Recommended steps for remediation:
Step 1:
Determine if you have an affected system with Intel® Management Engine (ME), Intel® Server Platform Service (SPS), or Intel® Trusted Execution Engine (TXE).
Consult the list as mentioned above.
Before proceeding, please check the expected availability of the firmware-/BIOS update package.
Step 2:
Download and install the firmware-/BIOS/Driver update package.
For Notebook or Tablet to install and download the firmware-/BIOS/Driver update package, please go to Fujitsu support page and proceed with the following actions:
1. Select “Product Type”.
2. Select “Series”.
3. Select “Model”.
4. Select “OS”.
5. Download and install the latest firmware- / BIOS update package from the “BIOS“ section
Download and install the latest Intel Management Engine Driver package from the “Driver“ section
For Desktop and Workstation, please go to Fujitsu support page and follow the instructions.
Note: To re-provision the security platform keys, the latest version (Version 1.47.715.0. or higher) of the Intel® Capability License Service (iCLS) Client software is required. The iCLS client software is a part of the Intel® MEI driver software installer package. The Intel Management Engine Driver version 11.7.0.1043 or higher must be installed to ensure the correct iCLS client software version.