Fujitsu Technical Support pages from Fujitsu Fujitsu Continental Europe, Middle East, Africa & India

Advisory note: Intel Firmware vulnerability

In an advisory note on May 1 2017, Intel published security information about an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology.

Reference: INTEL-SA-00075 or CVE-2017-5689

The information below includes a description of the vulnerability and the recommended steps as advised by Intel and Fujitsu for affected product lines.

Summary:

There is an escalation of privilege vulnerability in Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products. This vulnerability does not exist on Intel-based consumer PCs.

Description:

  • An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel® Active Management Technology (AMT) and Intel® Standard Manageability (ISM).
  • An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology (SBT).

Recommended steps:

Step 1: Determine if you have an Intel® AMT, Intel® SBA, or Intel® ISM capable system.

You can either:
  1. Consult the list of Affected Fujitsu systems. This list provides an overview of Fujitsu affected systems introduced since 2012 and is updated regularly.
  2. Follow the guide provided by Intel: How To Find Intel® vPro™ Technology Based PCs.
    If you determine that you do not have an Intel® AMT, Intel® SBA, or Intel® ISM capable system, then no further action is required.

Step 2: Assess if your Intel® AMT, Intel® SBA, or Intel® ISM capable system has the impacted firmware

You can either:
  1. Consult the list of Affected Fujitsu systems. This list provides with an overview of Fujitsu affected systems introduced since 2012 and is updated regularly.
  2. Utilize the Intel Detection Guide. Note: If your version is in the “Resolved Firmware” or “Resolved Bios” column then no further action is required.

Step 3: Download and install the firmware update package

Before proceeding, please check the expected availability of the firmware update package in the list of Affected Fujitsu systems.

For Notebook or Tablet to install and download the firmware update package, please go to Fujitsu support page and proceed with the following actions:

  • Select “Browse For Product Type”.
  • Select your “Series”.
  • Select your “Model”.
  • Select your operating system.
  • Download and install the latest firmware update package.

For Desktop to install and download the firmware update package, please go to Fujitsu support page and proceed with the following actions:

  • Select “Browse For Product”.
  • Select your “product line”.
  • Select your “product group” and “product family”.
  • Select your “operating system”.
  • Download and install the latest firmware update package (Firmware versions that resolve the issue have a four digit build number that starts with a “3” (X.X.XX.3XXX) Ex: 8.1.71.3608.) in the “AMT” section.

If a firmware update is not yet available, alternative mitigation options are provided in the INTEL-SA-00075 Mitigation Guide.