Vostro 430 - Intel IME vulnerability

This is mainly a user-to-user forum and only Dell knows their plans about systems not currently listed on that Client Statement.

Dell has not supported the Vostro 430 beyond Win 7, so they may have decided that it reached "End of Life" so won't be issuing an update for this latest Intel issue.

I pinged my Dell tech contacts...

The Vostro 430 is not affected.

As per the Intel advisory, of the Intel Core CPUs, only systems with 6th generation (Skylake) and newer are affected. The Vostro 430 uses 1st generation (Nehalem) CPUs. I hope this helps.

Interesting because I had a Latitude e6510 which has a first gen core i5 CPU which according to dell was affected. As for a Vostro 430 It is weird that a similar age system is not supported

Just to clarify, there are two different Intel vulnerabilities which have been widely reported recently.

The AMT/vPro one - INTEL-SA-00075 (released May 01, 2017) followed by the ME/TXE one - INTEL-SA-00086 (released Nov 20, 2017)

security-center.intel.com/advisory.aspx

security-center.intel.com/advisory.aspx

Vostro 430 uses   Intel H57 Express chipset.
Typical cpu
Intel Core i5 750 / 2.66 GHz  VPRO = NO for this CPU.

https://ark.intel.com/products/42915/Intel-Core-i5-750-Processor-8M-Cache-2_66-GHz

socket 1156

**********************************************************************

The E6510 uses Mobile Intel® QM57 Express Chipset
Intel® CoreTM i5-540M
Socket   BGA1288, PGA988

You can't broad brush and use Core I5 and Generation and equate to them being the same.
They are not.
None of your older systems have the vPro CPU, Intel® Trusted Execution Technology , or INTEL AMT. The versions of CPU and AMT are the issue not a generation of Core I5.

Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6

https://www.intel.com/content/www/us/en/architecture-and-technology/intel-amt-vulnerability-announcement.html

On May 4, Intel® released a downloadable discovery tool that will analyze your system for the vulnerability. IT professionals who are familiar with the configuration of their systems and networks can use this tool, or can see the Intel® security advisory for full details on vulnerability detection and mitigation.

Business PCs and workstations are sometimes used by consumers and small businesses. If you are not an IT professional or unsure if your system is among those affected, you can still download and run the discovery tool. Instructions for using the tool can be downloaded from the same page.

Consumer PCs with consumer firmware and data center servers using Intel® Server Platform Services are not affected by this vulnerability.

Some comments to the above:

the Vostro 430 comes also with the Core i7-860 (Lynnfield)

https://ark.intel.com/products/41316/Intel-Core-i7-860-Processor-8M-Cache-2_80-GHz

re. INTEL-SA-00086: the Intel detection tool does result in "The detected version of the IME firmware is considered vulnerable for INTEL-SA-00086"  ME information: version 6.0.30.1203 SVN:0 (detection tool version 1.0.0.146)

This contradicts that the SA-00086 would only impact processors from generation 6-7-8 (the CPU above is much older, 1st gen).

re. INTEL-SA-00075: the processor has vPRO:  Intel® vPro™ Technology : Yes

The intel detection and mitigation tool gives this CPU a "not vulnerable. This ME SKU is not affected" for the SA-00075

remains: how come the intel SA-00086 should not affect first gen Intel Core i7's while the detection tool reports a vulnerability- > false positive ?

thanks!

All 3 pieces must be in place

vPro CPU,

Intel® Trusted Execution Technology ,

INTEL AMT

Vpro being available does not mean that this feature is implemented in the CPU , CHIPSET and BIOS.

Dell cannot answer why an INTEL tool says one thing or another.

Vostro 430 uses   Intel H57 Express chipset. Typical cpu Intel Core i5 750 / 2.66 GHz  VPRO = NO for this CPU. https://ark.intel.com/products/42915/Intel-Core-i5-750-Processor-8M-Cache-2_66-GHz   socket 1156 ********************************************************************** The E6510 uses Mobile Intel® QM57 Express Chipset Intel® CoreTM i5-540M Socket   BGA1288, PGA988 You can't broad brush and use Core I5 and Generation and equate to them being the same. They are not. None of your older systems have the vPro CPU, Intel® Trusted Execution Technology , or INTEL AMT. The versions of CPU and AMT are the issue not a generation of Core I5. Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 https://www.intel.com/content/www/us/en/architecture-and-technology/intel-amt-vulnerability-announcement.html   On May 4, Intel® released a downloadable discovery tool that will analyze your system for the vulnerability. IT professionals who are familiar with the configuration of their systems and networks can use this tool, or can see the Intel® security advisory for full details on vulnerability detection and mitigation. Business PCs and workstations are sometimes used by consumers and small businesses. If you are not an IT professional or unsure if your system is among those affected, you can still download and run the discovery tool. Instructions for using the tool can be downloaded from the same page. Consumer PCs with consumer firmware and data center servers using Intel® Server Platform Services are not affected by this vulnerability.

Oh, wait I just realized intel-sa-00086  don't even apply to my system, HAHA.