Intel Q1’18 AMT 9.x/10.x/11.x Cumulative Update - Lenovo Support US

Lenovo Security Advisory: LEN-21031

**Potential Impact:**Elevation of Privilege

Severity: High

Scope of Impact: Industry-wide

CVE Identifier: CVE-2018-3628, CVE-2018-3629, CVE-2018-3632

Summary Description:

Intel performed a security review of their Intel® Management Engine (ME) firmware, and identified arbitrary code execution, denial of service, and memory corruption vulnerabilities affecting Intel® Active Management Technology 3.x/4.x/5.x/6.x/7.x/8.x/9.x/10.x/11.x. Lenovo will release updates for versions 9.x/10.x/11.x. Intel is no longer supporting version 8.x and earlier, so these versions will not have updates.

This advisory applies only to AMT. The Server Platform Services (SPS) and Trusted Execution Environment (TXE) ME variants are not affected.

Mitigation Strategy for Customers (what you should do to protect yourself):

Intel recommends updating to the ME firmware version (or newer) indicated for your model in the Product Impact section below.

Product Impact: