Intel Management Engine protection not set on some Lenovo Notebook and ThinkServer systems

Intel Management Engine protection not set on some Lenovo Notebook and ThinkServer systems

Intel Management Engine protection not set on some Lenovo Notebook and ThinkServer systems

Lenovo Security Advisory: LEN-9903

Potential Impact: Denial of service or privilege escalation by an attacker with administrative access

Severity: Medium

Scope of Impact: Industry-Wide

CVE Identifier: CVE-2016-8224

 

Summary Description:

A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system.

The Intel Management Engine (ME) is a set of hardware features developed by Intel that enable administrators to manage, repair and protect computers on their networks. During the manufacturing process, a setting is configured on the manufacturing line that locks regions of memory used by the ME and prevents them from being reconfigured. Lenovo has discovered that this protection was not enabled on certain Lenovo systems.

Mitigation Strategy for Customers (what you should do to protect yourself):

Update your system to the latest BIOS level by following the links below.
 

Product Impact:

Please click for more info.

Lenovo Notebook

ThinkServer

 

Acknowledgements: 

Lenovo thanks Alexander Ermolov from Digital Security ltd.

Other information and references:

https://software.intel.com/en-us/blogs/2011/12/14/intelr-amt-and-the-intelr-me

Revision History:

Revision

Date

Description

2.0 11/29/2016 Updated versions and links for Lenovo Notebook and ThinkServer products.  

1.0

11/17/2016

Initial release

 

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on as “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.

Product Impact:

 

Lenovo Notebook

Product Minimum BIOS version to fix Link Last Update
110-14IBR/110-15IBR 1GCN19WW http://support.lenovo.com/downloads/DS112727 11/17/2016
B70-80 D1CN96WW http://support.lenovo.com/downloads/DS103265 11/17/2016
E31-80 DCCN39WW http://support.lenovo.com/downloads/DS112433 11/17/2016
E40-80 A8CN54WW http://support.lenovo.com/downloads/DS102219 11/17/2016
E41-80 D7CN33WW http://support.lenovo.com/downloads/DS118274 11/17/2016
E51-80 D7CN33WW http://support.lenovo.com/downloads/DS118274 11/17/2016
G40-80 B0CNA0WW http://support.lenovo.com/downloads/DS102231 11/17/2016
G50-80 B0CNA0WW http://support.lenovo.com/downloads/DS102231 11/17/2016
G50-80 Touch B0CNA0WW http://support.lenovo.com/downloads/DS102231 11/17/2016
Ideapad 300-14IBR/300-15IBR C9CN47WW http://support.lenovo.com/downloads/DS112778 11/17/2016
Ideapad 300-14ISK/300-15ISK/300-17ISK D5CN47WW http://support.lenovo.com/downloads/DS106016 11/17/2016
Ideapad 510S-12ISK 0VCN22WW Contact your local servicer or contact the Lenovo support center 11/29/2016
K21-80 Requires Tool Contact your local servicer or contact the Lenovo support center 11/29/2016
K41-80 Requires Tool Contact your local servicer or contact the Lenovo support center 11/29/2016
MIIX 710-12IKB  3TCN21WW http://support.lenovo.com/downloads/DS119008 11/17/2016
XiaoXin Air 12 2RCN36WW Contact your local servicer or contact the Lenovo support center 11/29/2016
YOGA 510-14ISK/510-15ISK 0VCN22WW http://support.lenovo.com/downloads/DS112899 11/17/2016
YOGA 710-11IKB 0UCN22WW http://support.lenovo.com/downloads/DS113108 11/17/2016
Yoga 710-11ISK 0UCN22WW http://support.lenovo.com/downloads/DS113108 11/17/2016
Yoga 900-13ISK C6CN39WW http://support.lenovo.com/downloads/DS105231 11/29/2016
YOGA 900S-12ISK E1CN47WW http://support.lenovo.com/downloads/ds112723 11/17/2016

<Back to Top>

 

ThinkServer

Product Minimum BIOS version to fix Link Last Update
ThinkServer TS150 FWKT58B http://support.lenovo.com/us/en/products/Servers/ThinkServer-tower-servers/ThinkServer-TS150?linkTrack=Caps%253ABody_SearchProduct&tabName=downloads&beta=false 11/17/2016
ThinkServer TS250 FWKT58B http://support.lenovo.com.cn/lenovo/wsi/Modules/DriverDetailServer.aspx?ID=110427 11/29/2016
ThinkServer  TS450 FWKT58B http://support.lenovo.com/us/en/products/Servers/ThinkServer-tower-servers/ThinkServer-TS150?linkTrack=Caps%253ABody_SearchProduct&tabName=downloads&beta=false 11/17/2016
ThinkServer  TS550 FWKT58B http://support.lenovo.com.cn/lenovo/wsi/Modules/DriverDetailServer.aspx?ID=110427 11/29/2016

<Back to Top>

 


Alias Id:LEN_9903
Document ID:PS500073
Original Publish Date:11/17/2016
Last Modified Date:11/29/2016