Intel® Firmware vulnerabilities INTEL-SA-00112, INTEL-SA-00118
Reference:
Security vulnerabilities (INTEL-SA-00112, INTEL-SA-00118, CVE-2018-3628, CVE-2018-3629, CVE-2018-3632, CVE-2018-3627)
Vulnerability Summary:
In an effort to continuously improve the robustness of the Intel® Management Engine, Intel has performed a security review of their Intel® Management Engine (ME) with the objective of continuously enhancing firmware resilience.
As a result, Intel has identified several security vulnerabilities that could potentially place affected Intel® Active Management Technology platforms at risk. Intel highly recommends that all customers install updated firmware on affected platforms. For more information on the Intel security vulnerabilities, please visit the Intel Security Center website for further details.
Mitigation:
Fujitsu strongly advises all customers to update affected products. Updates are provided through BIOS updates. This page will be updated regularly as soon as new information is available.
Recommended steps:
- It is necessary to update the BIOS.
- Consult the list of affected Fujitsu systems for the timing of BIOS availability.
- To download the respective updates for your system, please go to the Fujitsu Support page and perform the following steps:
- Select Product.
- Select Series.
- Select Model.
- Press Go.
- Download and install the latest BIOS update package.
Affected Products:
A number of Fujitsu products are affected by these vulnerabilities. Fujitsu is working to distribute patches for all affected products that are currently supported. Older systems that are no longer supported will not be patched. An overview of the affected Client Computing Devices can be found here:
| Model Name | Update Type | Release Date1 |
|---|---|---|
| LIFEBOOK P728 | BIOS | October 2018 V1.10 |
| LIFEBOOK T938 | BIOS | October 2018 V1.09 |
| LIFEBOOK U728 | BIOS | August 2018 V1.13 |
| LIFEBOOK U748
LIFEBOOK U758 | BIOS | August 2018 V1.13 |
| LIFEBOOK E558
LIFEBOOK E548 | BIOS | October 2018 V1.13 |
| LIFEBOOK U938 | BIOS | October 2018 V1.14 |
| STYLISTIC Q738 | BIOS | December 2018 V1.08 |
| LIFEBOOK E557
LIFEBOOK E547 | BIOS | non-vPro February 2020 V1.19
vPro February 2020 V1.19 |
| LIFEBOOK P727 | BIOS | October 2018 V1.15 |
| LIFEBOOK T937 | BIOS | October 2018 V1.16 |
| LIFEBOOK U727 | BIOS | December 2018 V1.22 |
| LIFEBOOK U747
LIFEBOOK U757 | BIOS | December 2018 V1.22 |
| LIFEBOOK U937 | BIOS | October 2018 V1.13 |
| STYLISTIC Q737 | BIOS | December 2018 V1.14 |
| LIFEBOOK E556
LIFEBOOK E546 | BIOS | non-vPro February 2019 V1.31
vPro February 2019 V1.22 |
| LIFEBOOK E736
LIFEBOOK E746 LIFEBOOK E756 | BIOS | non-vPro February 2019 V1.33
vPro February 2019 V1.25 |
| LIFEBOOK T726 | BIOS | December 2018 V1.18 |
| LIFEBOOK T936 | BIOS | January 2019 V1.18 |
| LIFEBOOK U727 6th Gen | BIOS | October 2018 V1.09 |
| LIFEBOOK U747 6th Gen
LIFEBOOK U757 6th Gen | BIOS | October 2018 V1.09 |
| STYLISTIC Q616 | BIOS | February 2019 V1.15 |
| STYLISTIC Q736 | BIOS | February 2019 V1.18 |
| STYLISTIC R726 | BIOS | March 2020 V1.22 |
| LIFEBOOK T725 | BIOS | February 2019 V1.21 |
| LIFEBOOK T935 | BIOS | February 2019 V1.21 |
| LIFEBOOK U745 | BIOS | February 2019 V1.23 |
| STYLISTIC Q665 | BIOS | February 2019 V1.17 |
| STYLISTIC Q775 | BIOS | February 2019 V1.22 |
| LIFEBOOK E734
LIFEBOOK E744 LIFEBOOK E754 | BIOS | August 2019 V1.26 |
| LIFEBOOK T734 | BIOS | June 2019 V1.16 |
| LIFEBOOK T904 | BIOS | June 2019 V1.19 |
| 1. Dates are subject to change | ||
* Please note that this information is subject to change without any prior notice.
Note: Fujitsu does not manufacture the affected microprocessors that Fujitsu buys from third party suppliers and integrates into its products. Therefore, this communication is based on the information and recommendations Fujitsu has received from the third party suppliers of the affected microprocessors. Fujitsu does not warrant that this communication is applicable or complete for all customers and all situations. Fujitsu recommends that customers determine the applicability of this communication to their individual situation and take appropriate measures. Fujitsu is not liable for any damages or other negative effects resulting from customers’ use of this communication. All details of this communication are provided "as is" without any warranty or guarantee. Fujitsu reserves the right to change or update this communication at any time. Websites of other companies referred to in this communication are the sole responsibility of such other companies. Fujitsu does not assume any liability with respect to any information and materials provided by its suppliers, including on such websites. Designations may be protected by trademarks and/or copyrights of Fujitsu or the respective owners, the use of which by third parties for their own purposes may infringe the rights of such owners.