Side-Channel Analysis Method (Spectre & Meltdown) Security Review

Security vulnerabilities (CVE 2017- 5715CVE 2017- 5753, CVE 2017- 5754, SA-00088)

Vulnerability Summary:
Malicious code utilizing a new method of side-channel analysis and running locally on a normally operating platform has the potential to allow the inference of data values from memory. This issue takes advantage of techniques commonly used in many modern processor architectures.

Potential impacts:
Elevation of Privilege / Information Disclosure
The exploits do not have the potential to corrupt, modify or delete data.

For more detailed information please refer to Intel® Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method (Intel-SA-00088)

Referring to the recommendations made by third-party suppliers, Fujitsu strongly advises all customers to update affected products. Updates are provided through an updated version of the BIOS and the necessary patches for the dedicated operating system. Under some circumstances, enabling these updates may affect performance. The actual performance impact will depend on multiple factors, such as the specific CPU generation in your physical host and the system load (used application). Fujitsu recommends that customers assess the performance impact for their system environment and make necessary adjustments.

The security of our products and our customers’ data is number one priority for Fujitsu. We are continuing to work with our partners in the industry to minimize any potential performance impact.

Fujitsu highly recommends customers to ensure that systems are physically secured where possible, and follow good security practices to ensure that only authorized personnel have access to devices.

Recommended steps:

  1. It is necessary to update the BIOS.
  2. Consult the list of affected Fujitsu systems for the timing of BIOS availability.
  3. To download the respective updates for your system, please go to the Fujitsu Support page and perform the following steps:
    • Select Product.
    • Select Series.
    • Select Model.
    • Press Go.
    • Download and install the latest BIOS update package.

Affected Products:
A number of Fujitsu products are affected by these vulnerabilities. Fujitsu is working to distribute patches for all affected products that are currently supported. Older systems that are no longer supported will not be patched.
An overview of the affected Client Computing Devices can be found here:

Model NameUpdate TypeRelease Date1
LIFEBOOK E547BIOSMarch 2018 vPro V1.15 non-vPro V1.11
LIFEBOOK E557BIOSMarch 2018 vPro V1.15 non-vPro V1.11
LIFEBOOK P727BIOSMarch 2018 V1.14
LIFEBOOK T937BIOSMarch 2018 V1.15
LIFEBOOK U727BIOSMarch 2018 V1.20
LIFEBOOK U747BIOSMarch 2018 V1.20
LIFEBOOK U757BIOSMarch 2018 V1.20
LIFEBOOK U937BIOSMarch 2018 V1.12
STYLISTIC Q737BIOSMarch 2018 V1.13
LIFEBOOK E546BIOSMarch 2018 vPro V1.21 non-vPro V1.28
LIFEBOOK E556BIOSMarch 2018 vPro V1.21 non-vPro V1.28
LIFEBOOK E736BIOSMarch 2018 vPro V1.23 non-vPro V1.29
LIFEBOOK E746BIOSMarch 2018 vPro V1.23 non-vPro V1.29
LIFEBOOK E756BIOSMarch 2018 vPro V1.23 non-vPro V1.29
LIFEBOOK T726BIOSMarch 2018 V1.17
LIFEBOOK T936BIOSMarch 2018 V1.17
LIFEBOOK U727 6th GenBIOSMarch 2018 V1.07
LIFEBOOK U747 6th GenBIOSMarch 2018 V1.07
LIFEBOOK U757 6th GenBIOSMarch 2018 V1.07
STYLISTIC Q616BIOSMarch 2018 V1.14
STYLISTIC Q736BIOSMarch 2018 V1.17
LIFEBOOK T725BIOSMay 2018 V1.20
LIFEBOOK T935BIOSMay 2018 V1.20
LIFEBOOK U745BIOSMay 2018 V1.22
STYLISTIC Q665BIOSMay 2018 V1.16
STYLISTIC Q775BIOSMay 2018 V1.21
LIFEBOOK E544BIOSMay 2018 V1.12
LIFEBOOK E554BIOSMay 2018 V1.12
LIFEBOOK E734BIOSMay 2018 vPro V1.33 non-vPro V1.24
LIFEBOOK E744BIOSMay 2018 vPro V1.33 non-vPro V1.24
LIFEBOOK E754BIOSMay 2018 vPro V1.33 non-vPro V1.24
LIFEBOOK T734BIOSMay 2018 vPro V1.15 non-vPro V1.13
LIFEBOOK T904BIOSMay 2018 V1.18
LIFEBOOK U904BIOSMay 2018 V1.17
STYLISTIC Q704BIOSMay 2018 vPro V1.39 non-vPro V1.34
1. Dates are subject to change

* Please note that this information is subject to change without any prior notice.

Microsoft Windows Advisory