Dell Client Statement on Intel ME/TXE Advisory (INTEL-SA-00086)

Overview

Dell is aware of the Intel® ME/TXE Elevation of Privileges vulnerabilities. Dell is diligently working to update the affected platforms. Firmware update details for these platforms will be added to this document as they become available and we recommend customers update their systems to the latest Intel Management Engine Firmware and iCLS Software by downloading the patched releases as they become available. We encourage customers to review Intel’s Security Advisory for information, including appropriate identification and mitigation measures.

In addition, Dell highly recommends system owners ensure that systems are physically secured where possible, and follow good security practices to ensure that only authorized personnel have hands-on access to devices.

Patch Guidance These patches may also include the firmware component of the Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method Advisory (INTEL-SA-00088), please refer to the Meltdown and Spectre Vulnerabilities page for complete details on Dell PCs and Thin Client. Per Intel’s guidance on January 22nd, Dell removed all BIOS updates from our support pages marked as "Suspended Releases" while Intel conducted root cause analysis for reported reboot issues and unpredictable system behavior. Starting February 8th, Dell has made available previously-removed BIOS updates for various CPUs. As Intel continues to provide production microcode for other processor generations, Dell will release BIOS updates for the listed affected platforms. All customers with an affected platform should download the latest BIOS update listed below.

References

Intel Security Advisory (INTEL-SA-00086) https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

Intel Detection Guide and Discovery Tool https://downloadcenter.intel.com/download/28632?v=t

Intel® Management Engine (ME) 11.x: CVE-2017-5705 , CVE-2017-5708, CVE-2017-5711, CVE-2017-5712

Intel® Server Platform Service 4.0.x.x : CVE-2017-5706 , CVE-2017-5709

Intel® Trusted Execution Engine (TXE) 3.0 : CVE-2017-5707 , CVE-2017-5710

Firmware Release Details

The systems below are affected and can receive patched Intel® Management Engine Firmware either via stand-alone Windows-compatible update utility (MEFW Update) or integrated in Dell BIOS release (BIOS Update). Dates in this list are provided for customer planning purposes and will be updated with links to downloadable packages when available:

Notes: Prior to installing the MEFW or BIOS releases, please ensure Windows Updates are up to date.

The dates listed are estimated availability dates, as each release has to be thoroughly tested to make sure the updated MEFW or BIOS will not cause any new issues.

Dates mentioned below are in US format of MM/DD/YY

The table below has either has a direct link to the BIOS released to correct this issue (in the BIOS Update column) or a link to the product page for your Dell computer containing the latest BIOS available, which also includes the code to correct this issue (in the Model Number column).

You will need to do the following.

Touch or click the link to be taken to the Drivers & downloads section of the product page for your Dell computer. Using the drop down menu under Category:, select Chipset. Touch or click Download to the right of Intel Management Engine (Driver), and then follow the prompts. Using the drop down menu under Category:, select BIOS. Touch or click Download to the right of the latest BIOS listed for your computer, and then follow the prompts.

(Please read Patch Guidance above for more information about systems marked "Suspended Release")