This post is more than 5 years old
2 Posts
0
3998
Vostro 430 - Intel IME vulnerability
the Vostro 430 is not listed in the Dell Client Statement on Intel ME/TXE Advisory (INTEL-SA-00086)
The system is confirmed vulnerable by the intel detection tool (core i7). I may assume Dell will also be updating the BIOS or MEFW for this system ?
Vostro 430 desktop
www.dell.com/.../dell-client-statement-on-intel-me-txe-advisory--intel-sa-00086-
elpro999dell
367 Posts
1
December 13th, 2017 18:00
INTEL-SA-00086 does not apply to Nehalem architecture only to Skylake, Kaby Lake, and the latest Coffee Lake\Cannon Lake.
RoHe
10 Elder
10 Elder
•
44.6K Posts
0
December 11th, 2017 17:00
This is mainly a user-to-user forum and only Dell knows their plans about systems not currently listed on that Client Statement.
Dell has not supported the Vostro 430 beyond Win 7, so they may have decided that it reached "End of Life" so won't be issuing an update for this latest Intel issue.
I pinged my Dell tech contacts...
DELL-Alasdair R
4 Operator
4 Operator
•
754 Posts
0
December 12th, 2017 02:00
The Vostro 430 is not affected.
As per the Intel advisory, of the Intel Core CPUs, only systems with 6th generation (Skylake) and newer are affected. The Vostro 430 uses 1st generation (Nehalem) CPUs. I hope this helps.
elpro999dell
367 Posts
0
December 12th, 2017 06:00
Interesting because I had a Latitude e6510 which has a first gen core i5 CPU which according to dell was affected. As for a Vostro 430 It is weird that a similar age system is not supported
DELL-Alasdair R
4 Operator
4 Operator
•
754 Posts
0
December 12th, 2017 08:00
Just to clarify, there are two different Intel vulnerabilities which have been widely reported recently.
The AMT/vPro one - INTEL-SA-00075 (released May 01, 2017) followed by the ME/TXE one - INTEL-SA-00086 (released Nov 20, 2017)
security-center.intel.com/advisory.aspx
security-center.intel.com/advisory.aspx
speedstep
9 Legend
9 Legend
•
47K Posts
0
December 12th, 2017 08:00
Vostro 430 uses Intel H57 Express chipset.
Typical cpu
Intel Core i5 750 / 2.66 GHz VPRO = NO for this CPU.
https://ark.intel.com/products/42915/Intel-Core-i5-750-Processor-8M-Cache-2_66-GHz
socket 1156
**********************************************************************
The E6510 uses Mobile Intel® QM57 Express Chipset
Intel® CoreTM i5-540M
Socket BGA1288, PGA988
You can't broad brush and use Core I5 and Generation and equate to them being the same.
They are not.
None of your older systems have the vPro CPU, Intel® Trusted Execution Technology , or INTEL AMT. The versions of CPU and AMT are the issue not a generation of Core I5.
Intel® Standard Manageability (ISM), and Intel® Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6
https://www.intel.com/content/www/us/en/architecture-and-technology/intel-amt-vulnerability-announcement.html
On May 4, Intel® released a downloadable discovery tool that will analyze your system for the vulnerability. IT professionals who are familiar with the configuration of their systems and networks can use this tool, or can see the Intel® security advisory for full details on vulnerability detection and mitigation.
Business PCs and workstations are sometimes used by consumers and small businesses. If you are not an IT professional or unsure if your system is among those affected, you can still download and run the discovery tool. Instructions for using the tool can be downloaded from the same page.
Consumer PCs with consumer firmware and data center servers using Intel® Server Platform Services are not affected by this vulnerability.
fm14568
2 Posts
0
December 12th, 2017 14:00
Some comments to the above:
the Vostro 430 comes also with the Core i7-860 (Lynnfield)
https://ark.intel.com/products/41316/Intel-Core-i7-860-Processor-8M-Cache-2_80-GHz
re. INTEL-SA-00086: the Intel detection tool does result in "The detected version of the IME firmware is considered vulnerable for INTEL-SA-00086" ME information: version 6.0.30.1203 SVN:0 (detection tool version 1.0.0.146)
This contradicts that the SA-00086 would only impact processors from generation 6-7-8 (the CPU above is much older, 1st gen).
re. INTEL-SA-00075: the processor has vPRO: Intel® vPro™ Technology : Yes
The intel detection and mitigation tool gives this CPU a "not vulnerable. This ME SKU is not affected" for the SA-00075
remains: how come the intel SA-00086 should not affect first gen Intel Core i7's while the detection tool reports a vulnerability- > false positive ?
thanks!
speedstep
9 Legend
9 Legend
•
47K Posts
1
December 13th, 2017 05:00
All 3 pieces must be in place
vPro CPU,
Intel® Trusted Execution Technology ,
INTEL AMT
Vpro being available does not mean that this feature is implemented in the CPU , CHIPSET and BIOS.
Dell cannot answer why an INTEL tool says one thing or another.
elpro999dell
367 Posts
0
December 13th, 2017 18:00
Oh, wait I just realized intel-sa-00086 don't even apply to my system, HAHA.