Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT, and Intel® DAL Security Advisory: SA-00241

Documentation

Product Information & Documentation

000055675

02/14/2020

On November 12, 2019, Intel released information for security advisory Intel-SA-00241. This information was released as part of Intel's regular product update process.

The security advisory discloses that potential security vulnerabilities may allow escalation of privilege, denial of service, or information disclosure in:

  • Intel® Converged Security and Manageability Engine (Intel® CSME)
  • Intel® Server Platform Services (Intel® SPS)
  • Intel® Trusted Execution Engine (Intel® TXE)
  • Intel® Active Management Technology (Intel® AMT)
  • Intel® Platform Trust Technology (Intel® PTT)
  • Intel® Dynamic Application Loader (Intel® DAL)

Intel is releasing firmware and software updates to mitigate these potential vulnerabilities.

Refer to the public security advisory SA-00241 for complete details on the CVEs and CVSS scores.

Affected products

Intel® CSME, Intel® AMT, Intel® DAL, and Intel® DAL software:

Updated Version Replaces Version
11.8.70 11.8.65
11.11.70 11.11.65
11.22.70 11.22.65
12.0.45 12.0 through 12.0.35
13.0.10 or higher 13.0.0
14.0.10 or higher 14.0.0

Intel® SPS:

Updated Version Replaces Version
SPS_E5_04.00.04.381.0 SPS_E5_04.00.03.199.0 through SPS_E5_04.00.04.380.0
SPS_SoC-X_04.00.04.086.0 SPS_SoC-X_04.00.04.051.0 through SPS_SoCX_04.00.04.085.0
SPS_SoC-A_04.00.04.181.0 SPS_SoC-A_04.00.03.065.0 through SPS_SoCA_04.00.04.180.0
SPS_E3_04.01.04.054.0 SPS_E3_04.01.03.021.0 through SPS_E3_04.01.04.053.0

Intel® TXE:

Updated Version Replaces Version
3.1.70 3.0 through 3.1.65
4.0.20 4.0 through 4.0.15

 

Note Firmware versions Intel® Manageability Engine (Intel® ME) 3.x through 10.x, Intel® Trusted Execution Engine (Intel® TXE) 1.x through 2.x, and Intel® Server Platform Services 1.x through 2.X are no longer supported. Therefore, they weren't assessed for the vulnerabilities/CVEs listed in this Security Advisory. There's no new release planned for these versions.

Recommendations

Contact your system or motherboard manufacturer to obtain a firmware or BIOS update that addresses this vulnerability. Intel can't provide updates for systems or motherboards from other manufacturers.

 

Frequently Asked Questions

Click or the topic for details:

What are the Vulnerability Descriptions, Common Vulnerabilities and Exposures (CVE) Numbers, and Common Vulnerability Scoring System (CVSS) information for the identified vulnerabilities associated with Intel® Manageability Engine?See the Intel-SA-00241 Security Advisory for full information on the CVEs associated with this announcement.
How can I determine if I'm impacted by this vulnerability?Reboot your system and access the system BIOS. Intel® ME/Intel® CSME firmware information may be available in the BIOS information screens. If the information isn't available in the system BIOS, contact your system manufacturer for assistance.
I have a system or motherboard manufactured by Intel (Intel® NUC, Intel® Mini PC, Intel® Server, Intel® Desktop Board) that is showing as vulnerable. What do I do?Go to Intel Support and navigate to the support page for your product. You'll be able to check for BIOS or firmware updates for your system.
I built my computer from components, but I don't have a system manufacturer to contact. What do I do?Contact the manufacturer of the motherboard you purchased to build your system. They're responsible for distributing the correct BIOS or firmware update for the motherboard.

If you have additional questions on this issue, contact Intel Customer Support.