Beginning of this page.
Jump to main content.

Please note that JavaScript and style sheet are used in this website,
Due to unadaptability of the style sheet with the browser used in your computer, pages may not look as original.
Even in such a case, however, the contents can be used safely.

Site menu starts here.
Skip site menu.
End of site menu.
Displaying present location in the site.
End of menu.

The Measure Against the Security Vulnerabilities (INTEL-SA-00086) of Intel Corporation’s Products

Updated: March 14, 2018
Published: December 15, 2017

Recently, Intel Corporation confirmed that there are security vulnerabilities on Intel management firmware which the third party research organization had pointed out. (INTEL-SA-00086) If the devices which will be affected by such vulnerabilities are used, an attacker could use these flaws to compromise the security or cause the system crash. To address this issue, NEC will update the management firmware of such devices.

(For some server models, the update of BIOS will be necessary.)

NEC will provide the information regarding the target servers, release timing and release page of the update modules sequentially in the table located below.

Please take measures based on the published information of each target server.

The details of the vulnerability information

The identified vulnerabilities this time could result in becoming the target of the following attacks.
A successful attacker could:

  1. impersonate Intel® Management Engine (ME), thereby impacting the security feature validity.
  2. execute arbitrary instruction which the user and operating system did not intend.
  3. cause a system crash or system instability.

How to take measures

Please update the management firmware of the target servers.
(For some server models, the updates of BIOS will be necessary.)

We provide a link to inform of measures to be taken for each target server on this page. We request you to apply as needed.

The list of target servers and the time of releasing respective update modules

Product name Update module releasing time scheduled/ released page
Express5800/R110h-1 December 27, 2017
Express5800/T110h December 27, 2017
Express5800/T110h-S December 27, 2017
Express5800/R110i-1 December 12, 2017
Express5800/T110i December 12, 2017
Express5800/T110i-S December 12, 2017
Express5800/R120h-2M March 14, 2018
Please update in the following order;
Step 1: System ROM, Step 2: SPS FW & IE FW
Express5800/R120h-1M March 14, 2018
Please update in the following order;
Step 1: System ROM, Step 2: SPS FW & IE FW
Express5800/D120h January 26, 2018

Top of this page