Intel® Active Management Technology 9.x/10.x/11.x Security Review Cumulative Update (INTEL-SA-00112)

000029388

07/16/2018

To improve the robustness of the Intel® Converged Security and Management Engine (Intel® CSME), Intel continues to perform security reviews of Intel CSME with the objective of enhancing firmware resilience. As a result, Intel has identified security vulnerabilities that could potentially place affected platforms at risk.

The issues affect Intel® Active Management Technology 3.x/4.x/5.x/6.x/7.x/8.x/9.x/10.x/11.x used in corporate PCs (Intel® vPro™, Intel® AMT), IoT devices, enterprise workstations, and servers. You may find these firmware versions on certain products:

  • Intel® Core™ 2 Duo vPro™ Technology and Intel® Centrino™ 2 vPro™ Technology
  • 1st, 2nd, 3rd, 4th, 5th, 6th, 7th, and 8th generation Intel® Core™ Processor Family
  • Intel® Xeon® Processor E3-1200 v5 and v6 Product Family
  • Intel® Xeon® Scalable Processor Family
  • Intel® Xeon® W processor Family

To assist in determining if this vulnerability impacts your product, you can use the Intel® SCS System Discovery Utility to verify the current provisioning state and Intel® Converged Security and Management Engine (Intel® CSME) version number of the impacted manageability SKU.

Intel has validated and released firmware updates that address these issues for Intel® ME 9.x, 10.x, and 11.x. Intel made updates available to system manufacturers in March 2018. Intel recommends that end users check with their system manufacturers and apply any available updates, based on the versions listed below:

| Associated CPU generation | Resolved firmware versions |
|---|---|
| 4th generation Intel® Core™ Processor Family | Intel® Converged Security and Management Engine (Intel® CSME) 9.1.43 or higher; Intel® CSME 9.5.63 or higher |
| 5th generation Intel® Core™ Processor Family | Intel® CSME 10.0.57 or higher |
| 6th generation Intel® Core™ Processor Family | Intel® CSME 11.8.50 or higher |
| 7th generation Intel® Core™ Processor Family | Intel® CSME 11.8.50 or higher |
| 8th generation Intel® Core™ Processor Family | Intel® CSME 11.8.50 or higher |
| Intel® Xeon® Processor E3-1200 v5 and v6 Product Family | Intel® CSME 11.8.50 or higher |
| Intel® Xeon® Scalable Processor Family | Intel® CSME 11.21.51 or higher |
| Intel® Xeon® W processor Family | Intel® CSME 11.11.50 or higher |

Intel® CSME firmware versions 3.x-8.x are no longer supported and won't receive a firmware update. CSME 3.x-8.x versions were supported for the following products:

  • Intel® Core™ 2 Duo vPro™
  • Intel® Centrino™ 2 vPro™
  • 1st generation Intel® Core™ Processors
  • 2nd generation Intel® Core™ Processors
  • 3rd generation Intel® Core™ Processors

View Intel Security Advisory INTEL-SA-00112 for additional details.

Contact your system/equipment manufacturer to obtain needed updates.

Questions and Answers

Does this issue impact consumer Intel® Management Engine (Intel® ME) products?
No, consumer Intel® Management Engine (Intel® ME) firmware SKUs aren't affected.

Does Intel® Active Management Technology or Intel® Standard Manageability technology need to be enabled and provisioned to be vulnerable to these CVEs?
Yes, Intel® Active Management Technology or Intel® Standard Manageability technology must be enabled and provisioned to be vulnerable to these CVEs.

I built my computer from components; I don't have a system manufacturer to contact. What do I do?
Contact the manufacturer of the motherboard you purchased to build your system. They're responsible for distributing the correct BIOS or firmware update for the motherboard.

Is Intel® Management Engine 12.x and higher affected by these identified issues?
No, these identified issues don't affect Intel® Management Engine 12.x and higher.
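
The resolved-version table, the note on unsupported 3.x-8.x firmware and the provisioning answer above can be combined into a fleet triage check. The Python below is an added example, not Intel's code; the family labels, the record layout (host, family, version, provisioned) and the sample inventory are assumptions constructed for illustration.

```python
import re

# Resolved versions from this article's table; keys are hypothetical labels.
RESOLVED = {
    "core-4th-gen": [(9, 1, 43), (9, 5, 63)],
    "core-5th-gen": [(10, 0, 57)],
    "core-6th-gen": [(11, 8, 50)],
    "core-7th-gen": [(11, 8, 50)],
    "core-8th-gen": [(11, 8, 50)],
    "xeon-e3-1200-v5-v6": [(11, 8, 50)],
    "xeon-scalable": [(11, 21, 51)],
    "xeon-w": [(11, 11, 50)],
}

def parse_version(text):
    """Return (major, minor, hotfix); a trailing build number is ignored."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)?\s*", text)
    if m is None:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in m.groups())

def triage(family, version_text, provisioned):
    """Return (firmware_status, exposed); exposed needs provisioned AMT/ISM."""
    version = parse_version(version_text)
    major, minor = version[:2]
    if major >= 12:                      # 12.x and higher: not affected
        return ("not-affected", False)
    if 3 <= major <= 8:                  # 3.x-8.x: no update will be released
        status = "unsupported-no-fix"
    else:
        floors = [f for f in RESOLVED.get(family, []) if f[0] == major]
        if not floors:                   # unknown family or mismatched record
            return ("unknown", False)
        # Assumption: 9.5.x is held to 9.5.63, any other 9.x build to 9.1.43.
        floor = next((f for f in floors if f[1] == minor), floors[0])
        status = "resolved" if version >= floor else "update-required"
    return (status, provisioned and status != "resolved")

# Constructed sample inventory: (host, family, CSME version, provisioned).
SAMPLE = [
    ("ws-01", "core-6th-gen", "11.0.25.3001", True),
    ("ws-02", "core-4th-gen", "9.5.61", False),
    ("srv-01", "xeon-scalable", "11.21.51", True),
    ("old-01", "core-2nd-gen", "8.1.70", True),
]

if __name__ == "__main__":
    for host, family, version, provisioned in SAMPLE:
        print(host, *triage(family, version, provisioned))
```

Hosts reported as exposed with status unsupported-no-fix cannot be remediated by a firmware update, so they need a separate decision from those marked update-required.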