Update, 11/30/2017, 11:25am PT: Asus responded to our request for comment with a link to a page (opens in new tab) containing a list of affected server and WS models. The company said it has verified the issue and plans to address it in the next BIOS update, though it didn't say when that update will arrive.
Original, 11/28/2017, 8am PT:
In light of Intel’s recent announcement of the vulnerabilities found and fixed in its Management Engine (ME), referred to as INTEL-SA-00086, many OEMs have begun issuing firmware updates for their products. We at Tom’s Hardware would like to remind you to check your hardware OEM’s support pages for updates.
The INTEL-SA-00086 issue affects you if you have a product with any of the following Intel CPUs:
- 6th (Skylake and Skylake-X), 7th (Kaby lake, Kaby Lake-X, and Kaby Lake R), and 8th Generation (Coffee Lake) Intel Core Processor Family
- Intel Xeon Processor E3-1200 v5 & v6 Product Family
- Intel Xeon Processor Scalable Family
- Intel Xeon Processor W Family
- Intel Atom C3000 Processor Family
- Apollo Lake Intel Atom Processor E3900 series
- Apollo Lake Intel Pentium
- Celeron N and J series Processors
If you have an affected product, you’ll need a firmware update from the motherboard or system OEM, as well as possibly a driver update from Intel. If your system is Windows or Linux-based, then the easiest way to know if you need an update is to install Intel’s SA-00086 Detection Tool. Intel has released links to support pages for most system OEMs, including Acer (opens in new tab), Dell (opens in new tab), Lenovo (opens in new tab), and Toshiba, just to name a few.
For embedded systems, finding out if you're affected and getting an update might be more of an issue. Intel has addressed its own NUCs here, and we found updates from Synology for its Celeron-powered NAS systems. We assume similar devices from other OEMs, such as QNAP and Asustor, are also affected.
For DIY builders, Gigabyte and MSI have announced BIOS updates, but we’ve yet to see them for many of the affected motherboards. ASRock released comprehensive instructions for some of its affected products, whereas Asus didn’t announce anything, but we’ve found an ME update (opens in new tab) for a number of its motherboards. EVGA told us that it’s working on releasing updates. Everything we've seen so far has been for 100/200/300 series motherboards only, however. We haven't found anything for X299 motherboards, which are also affected.
We’ve reached out to Supermicro, ECS, and Biostar as well, but have yet to receive a response.