Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT, and Intel® DAL Security Advisory: SA-00241
On November 12, 2019, Intel released information for security advisory Intel-SA-00241. This information was released as part of Intel's regular product update process.
The security advisory discloses that potential security vulnerabilities may allow escalation of privilege, denial of service, or information disclosure in:
- Intel® Converged Security and Manageability Engine (Intel® CSME)
- Intel® Server Platform Services (Intel® SPS)
- Intel® Trusted Execution Engine (Intel® TXE)
- Intel® Active Management Technology (Intel® AMT)
- Intel® Platform Trust Technology (Intel® PTT)
- Intel® Dynamic Application Loader (Intel® DAL)
Intel is releasing firmware and software updates to mitigate these potential vulnerabilities.
Refer to the public security advisory SA-00241 for complete details on the CVEs and CVSS scores.
Affected products
Intel® CSME, Intel® AMT, Intel® DAL, and Intel® DAL software:
| Updated Version | Replaces Version |
| 11.8.70 | 11.8.65 |
| 11.11.70 | 11.11.65 |
| 11.22.70 | 11.22.65 |
| 12.0.45 | 12.0 through 12.0.35 |
| 13.0.10 or higher | 13.0.0 |
| 14.0.10 or higher | 14.0.0 |
Intel® SPS:
| Updated Version | Replaces Version |
| SPS_E5_04.00.04.381.0 | SPS_E5_04.00.03.199.0 through SPS_E5_04.00.04.380.0 |
| SPS_SoC-X_04.00.04.086.0 | SPS_SoC-X_04.00.04.051.0 through SPS_SoCX_04.00.04.085.0 |
| SPS_SoC-A_04.00.04.181.0 | SPS_SoC-A_04.00.03.065.0 through SPS_SoCA_04.00.04.180.0 |
| SPS_E3_04.01.04.054.0 | SPS_E3_04.01.03.021.0 through SPS_E3_04.01.04.053.0 |
Intel® TXE:
| Updated Version | Replaces Version |
| 3.1.70 | 3.0 through 3.1.65 |
| 4.0.20 | 4.0 through 4.0.15 |
| Note | Firmware versions Intel® Manageability Engine (Intel® ME) 3.x through 10.x, Intel® Trusted Execution Engine (Intel® TXE) 1.x through 2.x, and Intel® Server Platform Services 1.x through 2.X are no longer supported. Therefore, they weren't assessed for the vulnerabilities/CVEs listed in this Security Advisory. There's no new release planned for these versions. |
Recommendations
Contact your system or motherboard manufacturer to obtain a firmware or BIOS update that addresses this vulnerability. Intel can't provide updates for systems or motherboards from other manufacturers.
Frequently Asked Questions
Click or the topic for details:
What are the Vulnerability Descriptions, Common Vulnerabilities and Exposures (CVE) Numbers, and Common Vulnerability Scoring System (CVSS) information for the identified vulnerabilities associated with Intel® Manageability Engine?
See the Intel-SA-00241 Security Advisory for full information on the CVEs associated with this announcement.How can I determine if I'm impacted by this vulnerability?
Reboot your system and access the system BIOS. Intel® ME/Intel® CSME firmware information may be available in the BIOS information screens. If the information isn't available in the system BIOS, contact your system manufacturer for assistance.I have a system or motherboard manufactured by Intel (Intel® NUC, Intel® Mini PC, Intel® Server, Intel® Desktop Board) that is showing as vulnerable. What do I do?
Go to Intel Support and navigate to the support page for your product. You'll be able to check for BIOS or firmware updates for your system.I built my computer from components, but I don't have a system manufacturer to contact. What do I do?
Contact the manufacturer of the motherboard you purchased to build your system. They're responsible for distributing the correct BIOS or firmware update for the motherboard.If you have additional questions on this issue, contact Intel Customer Support.