Dell to patch AMT-vulnerable systems

BIOS fixes for most boxen promised Friday

Dell, which last week was scrambling to work out which of its systems are affected by the Intel AMT vulnerability, is scrambling to catch up with peers HP Inc, Lenovo and Fujitsu.

In a note published on Friday, the company said it would publish firmware fixes for most vulnerable kit.

As readers should already know, Intel introduced the bug in 2010, and it turned out that an attacker need only offer an empty login string to Chipzilla's VPro AMT remote management firmware to access vulnerable systems.

Intel has published a scanner for the bug, designated CVE-2017-5689.

The company emphasises that “only those purchased with Intel AMT, SBT, or ISM capability are vulnerable”. Fixes will appear at Dell's support page, it said.

Systems without a scheduled fix release date include:

Client System Firmware Version
OptiPlex 9010 AIO
OptiPlex 9010
OptiPlex 790
OptiPlex 990
OptiPlex 780
Latitude E6440 ATG
Latitude E5530
Latitude E6320
Latitude E6420
Latitude E6520
Latitude E6420 XFR
Latitude E6220
Latitude XT3
Latitude E4310
Latitude E6510
Latitude E6410
Latitude E6410 ATG
Precision T1650
Precision M4600
Precision M6600
Precision T1600
Precision T7600 (WS)
Precision T5600 (WS)
Precision T5600XL (WS)
Precision T3600 (WS)
Precision T3600XL (WS)
Precision M4500


Keep Reading

Intel sues former staffer for allegedly stealing Xeon cloud secrets in USB drives and exploiting info at Microsoft

Redmond says it used forensics to find files on its own gear... rather than avail itself of deals for rivals

Now-patched Ubuntu desktop vulnerability allows privilege escalation

'Unusual for a vulnerability on a modern operating system to be this easy to exploit,' says bughunter

Windows kernel vulnerability disclosed by Google's Project Zero after bug exploited in the wild by hackers

Chocolate Factory spills beans early on privilege-escalation flaw

Shared memory vulnerability in IBM's Db2 database could let nefarious insiders wreak havoc – so get patching

Lack of protections around trace facility gives local users read and write access

Microsoft Patch Tuesday gaffe leads netizens to 'Microosft' typo-squatting domain

Patch Tuesday That aside, enjoy the light load of 56 vulns in Windows and other code

Microsoft kills broad entry-level IT certifications, replaces them with all-Microsoft curriculum

‘Technology Associate’ exams that taught general skills like Python, HTML and Java are on the way out. No refunds offered

We spent way too long on this Microsoft, Intel, Adobe, SAP, Red Hat Patch Tuesday article. Just click on it, pretend to read it, apply updates

Patch Tuesday Please, thanks, good show, cheers, ta

Microsoft emits 112 security hole fixes – including the cure for a Google-disclosed kernel vuln exploited in the wild

Patch Tuesday Android, Adobe, SAP, Red Hat join the bug-busting party

Biting the hand that feeds IT © 1998–2021