ProLiant Servers (ML,DL,SL)
cancel
Showing results for 
Search instead for 
Did you mean: 

ML10 Gen9 - latest Intel ME - Vulnerable - as of 21 March 2018

PaulP-Cambs
Occasional Advisor

ML10 Gen9 - latest Intel ME - Vulnerable - as of 21 March 2018

Hello

Intel's test (link below) reports that Intel ME 11.6.27.3264 is vulnerable.

https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

However it appears to be the latest available for download from HPE's support.

Is there an update in the pipeline?

Does disabling this in BIOS actually mitigate curent vulnerabilities? (It is disabled but still reports as vulnerable)

Thank you

Paul

 

4 REPLIES
FabioC1
HPE Pro

Re: ML10 Gen9 - latest Intel ME - Vulnerable - as of 21 March 2018

Hi  PaulP-Cambs 

Officially of HPE, have this information about vulnerabilyt 

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesb3p03767en_us

All Bouletins - https://support.hpe.com/portal/site/hpsc/public/kb/secBullArchive

If necessary more informatio do you can report to more information - https://www.hpe.com/h41268/live/index_e.aspx?qid=11503

 

 

FabioC1 - HPE Pro

If this helps you with your issue, please click the thumb to register a Kudo.
If it resolves the issue, please consider marking it as an Accepted Solution.
PaulP-Cambs
Occasional Advisor

Re: ML10 Gen9 - latest Intel ME - Vulnerable - as of 21 March 2018

Hi

That vulnerability appears to relate to the BIOS - I've already patched the BIOS to 1.11.

As far as I can tell the latest Intel ME available is 11.6.27.3264(23 May 2017) here:

https://support.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772172&swItemId=MTX_67a275408a9b45aba72ad7cbc1&swEnvOid=4184

Intel's test for Intel ME vulnerabilities returns a result of vulnerable which suggests there should be a patch in HPE's pipeline - Ideally 11.8.50.3425 or higher as per advisory:

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

Intel® Xeon® Processor E3-1200 v5 Product Family
Recommended: Intel® ME 11.8.50.3425 or higher
Minimum: Intel® ME 11.8.50.3399
Intel® SPS 4.1.4.054

PaulP-Cambs
Occasional Advisor

Re: ML10 Gen9 - latest Intel ME - Vulnerable - as of 21 March 2018

Any idea when it might be made available please?

PaulP-Cambs
Occasional Advisor

Re: ML10 Gen9 - latest Intel ME - Vulnerable - as of 21 March 2018

As this is still currently being sold - is it being sold with a known vulnerability for which there is an Intel patch that it doesn't have, or is Intel's patch just not being made available existing owners?

Or is there some other mitigation for the vulnerability Intel report?

Makes Lenovo's TS150 look more attractive for my next purchase - while the Lenvo costs more from my reseller, Lenovo have made the patches available, and worth noting also for their legacy TS140 E-1226v3 which I do have and is patched!