Dell to patch AMT-vulnerable systems

BIOS fixes for most boxen promised Friday


Dell, which last week was scrambling to work out which of its systems are affected by the Intel AMT vulnerability, is scrambling to catch up with peers HP Inc, Lenovo and Fujitsu.

In a note published on Friday, the company said it would publish firmware fixes for most vulnerable kit.

As readers should already know, Intel introduced the bug in 2010, and it turned out that an attacker need only offer an empty login string to Chipzilla's VPro AMT remote management firmware to access vulnerable systems.

Intel has published a scanner for the bug, designated CVE-2017-5689.

The company emphasises that “only those purchased with Intel AMT, SBT, or ISM capability are vulnerable”. Fixes will appear at Dell's support page, it said.

Systems without a scheduled fix release date include:

Client System Firmware Version
OptiPlex 9010 AIO 8.1.71.3608
OptiPlex 9010 8.1.71.3608
OptiPlex 790 7.1.91.3272
OptiPlex 990 7.1.91.3272
OptiPlex 780 6.2.61.3535
Latitude E6440 ATG 9.1.41.3024
Latitude E5530 8.1.71.3608
Latitude E6320 7.1.91.3272
Latitude E6420 7.1.91.3272
Latitude E6520 7.1.91.3272
Latitude E6420 XFR 7.1.91.3272
Latitude E6220 7.1.91.3272
Latitude XT3 7.1.91.3272
Latitude E4310 6.2.61.3535
Latitude E6510 6.2.61.3535
Latitude E6410 6.2.61.3535
Latitude E6410 ATG 6.2.61.3535
Precision T1650 8.1.71.3608
Precision M4600 7.1.91.3272
Precision M6600 7.1.91.3272
Precision T1600 7.1.91.3272
Precision T7600 7.1.91.3272 (WS)
Precision T5600 7.1.91.3272 (WS)
Precision T5600XL 7.1.91.3272 (WS)
Precision T3600 7.1.91.3272 (WS)
Precision T3600XL 7.1.91.3272 (WS)
Precision M4500 6.2.61.3535

®


Keep Reading

Intel sues former staffer for allegedly stealing Xeon cloud secrets in USB drives and exploiting info at Microsoft

Redmond says it used forensics to find files on its own gear... rather than avail itself of deals for rivals

Now-patched Ubuntu desktop vulnerability allows privilege escalation

'Unusual for a vulnerability on a modern operating system to be this easy to exploit,' says bughunter

Windows kernel vulnerability disclosed by Google's Project Zero after bug exploited in the wild by hackers

Chocolate Factory spills beans early on privilege-escalation flaw

Shared memory vulnerability in IBM's Db2 database could let nefarious insiders wreak havoc – so get patching

Lack of protections around trace facility gives local users read and write access

Microsoft Patch Tuesday gaffe leads netizens to 'Microosft' typo-squatting domain

Patch Tuesday That aside, enjoy the light load of 56 vulns in Windows and other code

Microsoft kills broad entry-level IT certifications, replaces them with all-Microsoft curriculum

‘Technology Associate’ exams that taught general skills like Python, HTML and Java are on the way out. No refunds offered

We spent way too long on this Microsoft, Intel, Adobe, SAP, Red Hat Patch Tuesday article. Just click on it, pretend to read it, apply updates

Patch Tuesday Please, thanks, good show, cheers, ta

Microsoft emits 112 security hole fixes – including the cure for a Google-disclosed kernel vuln exploited in the wild

Patch Tuesday Android, Adobe, SAP, Red Hat join the bug-busting party

Biting the hand that feeds IT © 1998–2021