Community
ProLiant Servers (ML,DL,SL)
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ML10 Gen9 - latest Intel ME - Vulnerable - as of 21 March 2018

PaulP-Cambs
PaulP-Cambs
Occasional Advisor

‎03-21-2018 05:51 AM

‎03-21-2018 05:51 AM

ML10 Gen9 - latest Intel ME - Vulnerable - as of 21 March 2018

Hello

Intel's test (link below) reports that Intel ME 11.6.27.3264 is vulnerable.

https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

However it appears to be the latest available for download from HPE's support.

Is there an update in the pipeline?

Does disabling this in BIOS actually mitigate curent vulnerabilities? (It is disabled but still reports as vulnerable)

Thank you

Paul

 

0 Kudos
Reply
4 REPLIES
FabioC1
FabioC1
HPE Pro

‎03-21-2018 07:32 AM

‎03-21-2018 07:32 AM

Re: ML10 Gen9 - latest Intel ME - Vulnerable - as of 21 March 2018

Hi  PaulP-Cambs 

Officially of HPE, have this information about vulnerabilyt 

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesb3p03767en_us

All Bouletins - https://support.hpe.com/portal/site/hpsc/public/kb/secBullArchive

If necessary more informatio do you can report to more information - https://www.hpe.com/h41268/live/index_e.aspx?qid=11503

 

 

FabioC1 - HPE Pro

If this helps you with your issue, please click the thumb to register a Kudo.
If it resolves the issue, please consider marking it as an Accepted Solution.
0 Kudos
Reply
PaulP-Cambs
PaulP-Cambs
Occasional Advisor

‎03-22-2018 01:04 AM - edited ‎03-22-2018 03:19 AM

‎03-22-2018 01:04 AM - edited ‎03-22-2018 03:19 AM

Re: ML10 Gen9 - latest Intel ME - Vulnerable - as of 21 March 2018

Hi

That vulnerability appears to relate to the BIOS - I've already patched the BIOS to 1.11.

As far as I can tell the latest Intel ME available is 11.6.27.3264(23 May 2017) here:

https://support.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772172&swItemId=MTX_67a275408a9b45aba72ad7cbc1&swEnvOid=4184

Intel's test for Intel ME vulnerabilities returns a result of vulnerable which suggests there should be a patch in HPE's pipeline - Ideally 11.8.50.3425 or higher as per advisory:

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

Intel® Xeon® Processor E3-1200 v5 Product Family
Recommended: Intel® ME 11.8.50.3425 or higher
Minimum: Intel® ME 11.8.50.3399
Intel® SPS 4.1.4.054

0 Kudos
Reply
PaulP-Cambs
PaulP-Cambs
Occasional Advisor

‎03-23-2018 03:04 AM

‎03-23-2018 03:04 AM

Re: ML10 Gen9 - latest Intel ME - Vulnerable - as of 21 March 2018

Any idea when it might be made available please?

0 Kudos
Reply
PaulP-Cambs
PaulP-Cambs
Occasional Advisor

‎03-26-2018 03:08 AM

‎03-26-2018 03:08 AM

Re: ML10 Gen9 - latest Intel ME - Vulnerable - as of 21 March 2018

As this is still currently being sold - is it being sold with a known vulnerability for which there is an Intel patch that it doesn't have, or is Intel's patch just not being made available existing owners?

Or is there some other mitigation for the vulnerability Intel report?

Makes Lenovo's TS150 look more attractive for my next purchase - while the Lenvo costs more from my reseller, Lenovo have made the patches available, and worth noting also for their legacy TS140 E-1226v3 which I do have and is patched!

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.