Intel Management Engine protection not set on some Lenovo Notebook and ThinkServer systems
Lenovo Security Advisory: LEN-9903
Potential Impact: Denial of service or privilege escalation by an attacker with administrative access
Severity: Medium
Scope of Impact: Industry-Wide
CVE Identifier: CVE-2016-8224
Summary Description:
A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system.
The Intel Management Engine (ME) is a set of hardware features developed by Intel that enable administrators to manage, repair and protect computers on their networks. During the manufacturing process, a setting is configured on the manufacturing line that locks regions of memory used by the ME and prevents them from being reconfigured. Lenovo has discovered that this protection was not enabled on certain Lenovo systems.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update your system to the latest BIOS level by following the links below.
Acknowledgements:
Lenovo thanks Alexander Ermolov from Digital Security ltd.
Other information and references:
https://software.intel.com/en-us/blogs/2011/12/14/intelr-amt-and-the-intelr-me
Revision History:
Revision | Date | Description |
2.0 | 11/29/2016 | Updated versions and links for Lenovo Notebook and ThinkServer products. |
1.0 | 11/17/2016 | Initial release |
For the most up-to-date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.
Product Impact:
Product | Minimum BIOS version to fix | Link | Last Update |
110-14IBR/110-15IBR | 1GCN19WW | http://support.lenovo.com/downloads/DS112727 | 11/17/2016 |
B70-80 | D1CN96WW | http://support.lenovo.com/downloads/DS103265 | 11/17/2016 |
E31-80 | DCCN39WW | http://support.lenovo.com/downloads/DS112433 | 11/17/2016 |
E40-80 | A8CN54WW | http://support.lenovo.com/downloads/DS102219 | 11/17/2016 |
E41-80 | D7CN33WW | http://support.lenovo.com/downloads/DS118274 | 11/17/2016 |
E51-80 | D7CN33WW | http://support.lenovo.com/downloads/DS118274 | 11/17/2016 |
G40-80 | B0CNA0WW | http://support.lenovo.com/downloads/DS102231 | 11/17/2016 |
G50-80 | B0CNA0WW | http://support.lenovo.com/downloads/DS102231 | 11/17/2016 |
G50-80 Touch | B0CNA0WW | http://support.lenovo.com/downloads/DS102231 | 11/17/2016 |
Ideapad 300-14IBR/300-15IBR | C9CN47WW | http://support.lenovo.com/downloads/DS112778 | 11/17/2016 |
Ideapad 300-14ISK/300-15ISK/300-17ISK | D5CN47WW | http://support.lenovo.com/downloads/DS106016 | 11/17/2016 |
Ideapad 510S-12ISK | 0VCN22WW | Contact your local servicer or contact the Lenovo support center | 11/29/2016 |
K21-80 | Requires Tool | Contact your local servicer or contact the Lenovo support center | 11/29/2016 |
K41-80 | Requires Tool | Contact your local servicer or contact the Lenovo support center | 11/29/2016 |
MIIX 710-12IKB | 3TCN21WW | http://support.lenovo.com/downloads/DS119008 | 11/17/2016 |
XiaoXin Air 12 | 2RCN36WW | Contact your local servicer or contact the Lenovo support center | 11/29/2016 |
YOGA 510-14ISK/510-15ISK | 0VCN22WW | http://support.lenovo.com/downloads/DS112899 | 11/17/2016 |
YOGA 710-11IKB | 0UCN22WW | http://support.lenovo.com/downloads/DS113108 | 11/17/2016 |
Yoga 710-11ISK | 0UCN22WW | http://support.lenovo.com/downloads/DS113108 | 11/17/2016 |
Yoga 900-13ISK | C6CN39WW | http://support.lenovo.com/downloads/DS105231 | 11/29/2016 |
YOGA 900S-12ISK | E1CN47WW | http://support.lenovo.com/downloads/ds112723 | 11/17/2016 |
Product | Minimum BIOS version to fix | Link | Last Update |
ThinkServer TS150 | FWKT58B | http://support.lenovo.com/us/en/products/Servers/ThinkServer-tower-servers/ThinkServer-TS150?linkTrack=Caps%253ABody_SearchProduct&tabName=downloads&beta=false | 11/17/2016 |
ThinkServer TS250 | FWKT58B | http://support.lenovo.com.cn/lenovo/wsi/Modules/DriverDetailServer.aspx?ID=110427 | 11/29/2016 |
ThinkServer TS450 | FWKT58B | http://support.lenovo.com/us/en/products/Servers/ThinkServer-tower-servers/ThinkServer-TS150?linkTrack=Caps%253ABody_SearchProduct&tabName=downloads&beta=false | 11/17/2016 |
ThinkServer TS550 | FWKT58B | http://support.lenovo.com.cn/lenovo/wsi/Modules/DriverDetailServer.aspx?ID=110427 | 11/29/2016 |