The Measure Against the Security Vulnerabilities (INTEL-SA-00086) of Intel Corporation’s Products

Updated: March 14, 2018
Published: December 15, 2017

Recently, Intel Corporation confirmed that there are security vulnerabilities on Intel management firmware which the third party research organization had pointed out. (INTEL-SA-00086) If the devices which will be affected by such vulnerabilities are used, an attacker could use these flaws to compromise the security or cause the system crash. To address this issue, NEC will update the management firmware of such devices.

(For some server models, the update of BIOS will be necessary.)

NEC will provide the information regarding the target servers, release timing and release page of the update modules sequentially in the table located below.

Please take measures based on the published information of each target server.

The identified vulnerabilities this time could result in becoming the target of the following attacks.
A successful attacker could:

1. impersonate Intel® Management Engine (ME), thereby impacting the security feature validity.
2. execute arbitrary instruction which the user and operating system did not intend.
3. cause a system crash or system instability.

Please update the management firmware of the target servers.
(For some server models, the updates of BIOS will be necessary.)

We provide a link to inform of measures to be taken for each target server on this page. We request you to apply as needed.

The list of target servers and the time of releasing respective update modules