HPE Community
ProLiant Servers (ML,DL,SL)
1820881 Members
3935 Online
109628 Solutions
New Discussion ī„‚

ML10 Gen9 - latest Intel ME - Vulnerable - as of 21 March 2018

 
PaulP-Cambs
Occasional Advisor

ā€Ž03-21-2018 05:51 AM

ā€Ž03-21-2018 05:51 AM

ML10 Gen9 - latest Intel ME - Vulnerable - as of 21 March 2018

Hello

Intel's test (link below) reports that Intel ME 11.6.27.3264 is vulnerable.

https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

However it appears to be the latest available for download from HPE's support.

Is there an update in the pipeline?

Does disabling this in BIOS actually mitigate curent vulnerabilities? (It is disabled but still reports as vulnerable)

Thank you

Paul

 

0 Kudos
Reply
4 REPLIES 4
FabioC1
HPE Pro

ā€Ž03-21-2018 07:32 AM

ā€Ž03-21-2018 07:32 AM

Re: ML10 Gen9 - latest Intel ME - Vulnerable - as of 21 March 2018

Hi  PaulP-Cambs 

Officially of HPE, have this information about vulnerabilyt 

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesb3p03767en_us

All Bouletins - https://support.hpe.com/portal/site/hpsc/public/kb/secBullArchive

If necessary more informatio do you can report to more information - https://www.hpe.com/h41268/live/index_e.aspx?qid=11503

 

 

FabioC1 - HPE Pro

Accept or Kudo

0 Kudos
Reply
PaulP-Cambs
Occasional Advisor

ā€Ž03-22-2018 01:04 AM - edited ā€Ž03-22-2018 03:19 AM

ā€Ž03-22-2018 01:04 AM - edited ā€Ž03-22-2018 03:19 AM

Re: ML10 Gen9 - latest Intel ME - Vulnerable - as of 21 March 2018

Hi

That vulnerability appears to relate to the BIOS - I've already patched the BIOS to 1.11.

As far as I can tell the latest Intel ME available is 11.6.27.3264(23 May 2017) here:

https://support.hpe.com/hpsc/swd/public/detail?sp4ts.oid=1008772172&swItemId=MTX_67a275408a9b45aba72ad7cbc1&swEnvOid=4184

Intel's test for Intel ME vulnerabilities returns a result of vulnerable which suggests there should be a patch in HPE's pipeline - Ideally 11.8.50.3425 or higher as per advisory:

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

IntelĀ® XeonĀ® Processor E3-1200 v5 Product Family
Recommended: IntelĀ® ME 11.8.50.3425 or higher
Minimum: IntelĀ® ME 11.8.50.3399
IntelĀ® SPS 4.1.4.054

0 Kudos
Reply
PaulP-Cambs
Occasional Advisor

ā€Ž03-23-2018 03:04 AM

ā€Ž03-23-2018 03:04 AM

Re: ML10 Gen9 - latest Intel ME - Vulnerable - as of 21 March 2018

Any idea when it might be made available please?

0 Kudos
Reply
PaulP-Cambs
Occasional Advisor

ā€Ž03-26-2018 03:08 AM

ā€Ž03-26-2018 03:08 AM

Re: ML10 Gen9 - latest Intel ME - Vulnerable - as of 21 March 2018

As this is still currently being sold - is it being sold with a known vulnerability for which there is an Intel patch that it doesn't have, or is Intel's patch just not being made available existing owners?

Or is there some other mitigation for the vulnerability Intel report?

Makes Lenovo's TS150 look more attractive for my next purchase - while the Lenvo costs more from my reseller, Lenovo have made the patches available, and worth noting also for their legacy TS140 E-1226v3 which I do have and is patched!

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.