Boston Labs Announcement: Intel Security Vulnerabilities Regarding Intel® Management Engine (ME)

Posted on 18 December 2017

Boston Labs Announcement: Intel Security Vulnerabilities Regarding Intel® Management Engine (ME)

Based on items identified through a comprehensive security review, an attacker could gain unauthorized access to platform, Intel® ME feature, and 3rd party secrets protected by the Intel® Management Engine (ME), Intel® Server Platform Service (SPS), or Intel® Trusted Execution Engine (TXE).

This includes scenarios where a successful attacker could:

  • Impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity.
  • Load and execute arbitrary code outside the visibility of the user and operating system.
  • Cause a system crash or system instability.

For more information, please see the Intel Support article/notice INTEL-SA-00086 - it is imperative to act as soon as possible.

“The following is available from Supermicro, covering the products which are affected, and how to patch against this threat.

“Intel has issued a security notice (INTEL-SA-00086) for select systems that use Intel® Management Engine (ME), Intel® Server Platform Services (SPS), and Intel® Trusted Execution Engine (TXE) with the objective of enhancing firmware resilience. As a result, Intel has identified security vulnerabilities that could potentially place impacted platforms at risk.

The following X11 and embedded/desktop Supermicro Motherboards are impacted by this issue.

There are two options to determine if your system is impacted.

1) You can run the tool that Intel provides for detection (Intel-SA-00086 Detection Tool)

2) Refer to the table below to identify your system and associated Motherboard.

To update your systems, navigate to the web page for the associated motherboard and update to the BIOS specified below.

Please use SUM 2.0.0 (20171108) for Purley platforms and SUM 2.0.1 for Apollolake and Denverton platforms. Not using the above versions to update BIOS revisions may hang the system after downgrades.

Additional systems will be added to this list as information becomes available” 

If you have any queries regarding this topic, please contact our support team via the partner portal, or email [email protected]


See the Supermicro website for more.

 

Dual Processor (2S) X11 Systems

- All X11 Systems need to be updated to version 2.0 or greater of BIOS
- Availability is pending with the following 10 mother boards scheduled to be updated by Friday 12/1

 

Motherboard

BIOS Status

Related Systems

X11DAi-N

v 2.0

SYS-7039A-ISYS-7049A-T

X11DPH-Tq

v 2.0

n/a

X11DPH-i

v 2.0

n/a

X11DPH-T

v 2.0

SSG-2029P-E1CR24HSSG-2029P-E1CR24LSSG-6029P-E1CR12H,
SSG-6029P-E1CR12LSSG-6029P-E1CR12TSSG-2029P-ACR24H,
SSG-2029P-ACR24LSSG-6029P-E1CR16TSSG-6039P-E1CR16H,
SSG-6039P-E1CR16LSSG-6049P-E1CR24LSSG-6049P-E1CR24H,
SSG-6049P-E1CR36HSSG-6049P-E1CR36L

X11DDW-NT

v 2.0

SYS-1029P-WTRTSYS-6029P-WTRT

X11DDW-L

v 2.0

SYS-1029P-WTSYS-1029P-WTRSYS-6019P-WT,
SYS-6019P-WTRSYS-6019P-WT8SYS-6029P-WTR

X11DPFR-SN

12/12/2017

SYS-F619P2-RTNSYS-F619P2-RC0SYS-F619P2-RC1,
SYS-F629P3-RC0BSYS-F629P3-RC0BSYS-F629P3-RC1B,
SYS-F629P3-RTBN

X11DPFR-S

12/12/2017

SYS-F619P2-RTSYS-F629P3-RTB

X11DPT-PS

v 2.0

SYS-2029TP-HTRSYS-2029TP-HC0RSYS-2029TP-HC1R,
SYS-6029TP-HTRSYS-6029TP-HC1RSYS-6029TP-HC0R

X11DPT-B

v 2.0

SYS-2029BT-HNRSYS-2029BT-HTRSYS-2029BT-DNC0R,
SYS-2029BT-HNC0RSYS-2029BT-HNC1RSYS-2029BT-DNR

X11DPU

v 2.0

SYS-2029U-TN24R4TSYS-2029U-TR4SYS-2029U-TRT,
SYS-2029U-TRTPSYS-2029U-TR25MSYS-6029U-TR25M,
SYS-6029U-TR4SYS-6029U-TR4TSYS-6029U-TRT,
SYS-6029U-TRTPSYS-2029U-TR4TSYS-2029U-E1CR4,
SYS-6029U-E1CR25MSYS-2029U-E1CRTPSYS-2029U-E1CR25M,
SYS-6029U-E1CRTSYS-6029U-E1CRTPSYS-2029U-E1CR4T,
SYS-6029U-E1CR4TSYS-6029U-E1CR4SYS-2029U-E1CRT,
SYS-1029U-TR4SYS-6019U-TR4SYS-1029U-E1CR4,
SYS-6019U-TR4TSYS-6019U-TN4RTSYS-6019U-TRTP2,
SYS-6019U-TRTSYS-6019U-TRTPSYS-6019U-TR25M,
SYS-1029U-TN10RTSYS-1029U-E1CR4TSYS-1029U-E1CRT,
SYS-1029U-E1CRTPSYS-1029U-E1CRTP2SYS-1029U-E1CR25M,
SYS-1029U-TRTSYS-1029U-TR4TSYS-1029U-TRTP,
SYS-1029U-TRTP2SYS-1029U-TR25MSYS-6019U-TN4R4T

X11DPU-XLL

v 2.0

SYS-1029UX-LL1-S16SYS-1029UX-LL2-S16

X11DPU-Z+

v 2.0

SYS-6029UZ-TR4+SYS-2029UZ-TR4+SYS-1029UZ-TN20R25M,
SYS-2029UZ-TN20R25M

X11DPG-SN

TBD

SYS-2029GP-TR, SYS-1029GP-TR

X11DPG-QT

v 2.0

SYS-7049GP-TRT

X11DPi-NT

v 2.0

SYS-6029P-TRTSYS-7049P-TRTSYS-2029P-C1RT

X11DPi-N

v 2.0

SYS-6029P-TRSYS-7049P-TRSYS-2029P-C1R

X11DPL-I

v 2.0

SYS-1029P-MTSYS-1029P-MTRSYS-6019P-MT,
SYS-6019P-MTR

 

If you have any queries regarding this topic, please contact our support team via the partner portal, or email [email protected]


Single Processor (1P) X11 Systems

- The Update for X11SS_ Greenlow (E3-1200 v5/v6) motherboards is available now
- The Update for X11SP_ Purley (Intel Xeon Processor Scalable Family) is TBD

 

Motherboard

BIOS Status

Related Systems

X11SPi-TF

v 2.0a

SYS-5019P-MTSYS-5019P-MTR

X11SPL-F

v 2.0a

n/a

X11SPM-F

12/13/2017

SYS-5019P-M

X11SPM-TF

12/13/2017

n/a

X11SPM-TPF

12/13/2017

n/a

X11SPH-nCTF

v 2.0a

SSG-5029P-E1CTR12LSSG-5049P-E1CTR36L

X11SPH-nCTPF

v 2.0a

n/a

X11SPW-TF

v 1.0a

SYS-5019P-WTSYS-5019P-WTRSYS-5029P-WTR,
SYS-1019P-WTR

X11SPW-CTF

v 1.0a

n/a

X11SPG-TF

v 1.0a

SYS-5019GP-TTSYS-1019GP-TT

 

If you have any queries regarding this topic, please contact our support team via the partner portal, or email [email protected]

 

Motherboard

BIOS Status

Related Systems

X11SSL-F

v 2.0c

SYS-5019S-LSYS-5039D-i

X11SSL
X11SSM
X11SSM-F

v 2.0c

n/a

X11SSH-F

v 2.0c

SYS-5019S-MSYS-5019S-MRSYS-5019S-ML

X11SSH-LN4F

v 2.0c

SYS-5019S-MN4

X11SSW-4TF

v 2.0b

SYS-5019S-W4TR

X11SSW-TF

v 2.0b

n/a

X11SSA-F

v 2.0c

n/a

X11SSi-LN4F

v 2.0c

n/a

X11SSW-F

v 2.0c

SYS-5019S-WRSYS-1019S-WR

X11SSH-TF

v 2.0b

SYS-5019S-MT

X11SSH-CTF

v 2.0b

SYS-1019S-MC0T

X11SSL-CF

v 2.0c

n/a

X11SSL-nF

v 2.0c

n/a

X11SSH-GF-1585

v 1.0b

n/a

X11SSH-GF-1585L

v 1.0b

SYS-5019S-M-G1585LSYS-5019S-MR-G1585L

X11SSH-GTF-1585

v 1.0b

n/a

X11SSH-GTF-1585L

v 1.0b

n/a

 

If you have any queries regarding this topic, please contact our support team via the partner portal, or email [email protected]
 

SuperBlade, MicroBlade and MicroCloud Systems

 

Motherboard

BIOS Status

Related Systems

B11DPT

v 2.0
ETA 12/22/2017

SBI-4429P-T2NSBI-4129P-C2NSBI-4129P-T3N

B11DPE

v 2.0
ETA 12/22/2017

SBI-6429P-C3N

B11SPE-CPU-TF

v 2.0
ETA 12/22/2017

SBI-6419P-C3N

B11QPI

v 2.0
ETA 12/22/2017

SBI-8149P-T8NSBI-8149P-C4N

X11SSD-F

v 2.0c

SYS-5039MS-H8TRF

X11SSE-F

v 2.0b

SYS-5039MS-H12TR

B2SS1-CPU
B2SS1-CF
B2SS1-F

v 2.0b

MBI-6119G-C2
MBI-6119G-C4
MBI-6119G-T4

B2SS2-F

v 2.0b

MBI-6219G-T

B2SS1-MTF
B2SS1-H-MTF
B2SS2-MTF
B2SS2-H-MTF

v 1.1

MBI-6119G-T7LX
MBI-6119G-T8HX
MBI-6219G-T7LX
MBI-6219G-T8HX

 

If you have any queries regarding this topic, please contact our support team via the partner portal, or email [email protected]

 Multi-Processor X11 Motherboards

- All X11 Systems need to be updated to version 2.0 or greater of BIOS
- Availability is TBD


 Embedded, Workstation and Desktop Systems

- All systems based on the following processors need to be updated
- 6th, 7th & 8th Generation Intel® Core™ Processor Family
- Intel® Xeon® Processor W Family
- Intel® Atom® C3000 Processor Family
- Apollo Lake Intel® Atom Processor E3900 series
- Apollo Lake Intel® Pentium™
- Availability is TBD

 

Motherboard

BIOS Status

Related Systems

X11SAE

v 2.2
12/20/2017

SYS-5039A-IL

X11SAE-F

v 2.2
12/20/2017

n/a

X11SAE-M

v 2.2
12/20/2017

n/a

X11SAT

v 2.0c

n/a

X11SAT-F

v 2.0c

n/a

C7Z370-CG-IW

v 1.0

n/a

C7Z370-CG-L

v 1.0a

n/a

X11SSV-Q

v 2.0c

SYS-5029S-TN2

X11SSV-LVDS

v 2.0c

n/a

A2SAN-E

v 1.0b

SYS-E100-9APSYS-E100-9AP-IA

A2SAN-H

v 1.0b

n/a

A2SAN-L

v 1.0b

n/a

X11SAN

v 1.0b

SYS-E100-9APP

A2SDi-2C-HLN4F

v 1.0a

SYS-5029A-2TN4

A2SDi-4C-HLN4F

v 1.0a

SYS-E200-9A

A2SDi-8C-HLN4F

v 1.0a

SYS-5019A-FTN4

A2SDi-8C+-HLN4F

v 1.0a

n/a

A2SDi-12C-HLN4F

v 1.0a

n/a

A2SDi-16C-HLN4F

v 1.0a

n/a

A2SDi-H-TF

v 1.0a

n/a

A2SDi-H-TP4F

v 1.0a

n/a

A2SDi-LN4F

v 1.0a

SYS-5019A-12TN4

A2SDi-TP8F

v 1.0a

SYS-E300-9A

X11SSZ-QF

v 2.0c

SYS-1019S-M2

X11SSZ-F

v 2.0c

SYS-5019S-M2

X11SSZ-TLN4F

v 2.0c

n/a

X11SSQ

v 2.0c

n/a

X11SSQ-L

v 2.0c

n/a

X11SSV-M4

v 1.0b
(TBD)

SYS-1019S-MP

X11SSV-M4F

v 1.0b
(TBD)

SYS-5019S-TN4

A2SAV

v 1.0b

SYS-5029AP-TN2

A2SAV-L

v 1.0b

SYS-E200-9AP

X11SSA

v 2.0c

n/a

 

 

If you have any queries regarding this topic, please contact our support team via the partner portal, or email [email protected]

RSS Feed

Sign up to our RSS feed and get the latest news delivered as it happens.

click here

Test out any of our solutions at Boston Labs

To help our clients make informed decisions about new technologies, we have opened up our research & development facilities and actively encourage customers to try the latest platforms using their own tools and if necessary together with their existing hardware. Remote access is also available

Contact us

Boston Training Academy Presents: NVIDIA - Deep Learning Fundamentals

Latest Event

Boston Training Academy Presents: NVIDIA - Deep Learning Fundamentals | 7th - 7th June 2018, Boston Headquarters, Frogmore, St Albans

NVIDIA Deep Learning Institute (DLI) workshops, hosted by Boston, offer hands-on training for developers, data scientists, and researchers looking to solve challenging problems with deep learning.

more info