Community
cancel
Showing results for 
Search instead for 
Did you mean: 
SChau10
New Contributor II
577 Views

NUC6ixSY , NUC7ixBN and Intel-SA-00213

I noticed that the latest BIOS releases for NUC6ixSY (Swift Canyon) and NUC7ixBN (Bean Canyon) series still have vulnerabilities as referenced in Intel-SA-00213. Intel's CSME Detection Tool 1.0.41.0 flags these NUCs running their latest BIOS versions as vulnerable.

 

BIOS 0072 for Swift Canyon: ME Firmware = 11.8.60.3561

BIOS 0080 for Baby Canyon: ME Firmware = 11.8.60.3561

 

Does Intel plan to release new BIOS versions for Swift Canyon & Baby Canyon NUCs to update the CSME firmware to 11.8.65.x or later?

 

 

0 Kudos
12 Replies
AndrewG_Intel
Moderator
307 Views

Hello SChau10,

 

Thank you for posting on the Intel® communities.

 

We appreciate the details provided regarding the latest BIOS and Intel® Converged Security and Management Engine (Intel® CSME) Detection Tool.

 

Please allow us to check this further and as soon as we have more information available we will be posting back in this thread.

 

Andrew G.

Intel Customer Support Technician

A Contingent Worker at Intel

KenF_Intel
Moderator
307 Views

Hi SChau10,

 

A BIOS update is in process for these NUC models to address SA-00213. I'll let you know as soon as I have more information.

 

Regards,

Ken

Intel Customer Support

SChau10
New Contributor II
307 Views

With Intel-SA-00241 out, I noticed additional NUCs being flagged as vulnerable by the latest Intel CSME Detection Tool 2.0.6.0:

 

BIOS 0064 for Skull Canyon (NUC6i7KYK): ME Firmware = 11.8.65.3590

BIOS 0067 for Dawson Canyon (NUC7i5DNHE): ME Firmware = 11.8.65.3590

BIOS 0075 for Bean Canyon: (NUC8i7BEH): ME Firmware = 12.0.32.1421

 

The Swift Canyon & Baby Canyon NUCs reported previously are still flagged as vulnerable.

 

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html

 

KenF_Intel
Moderator
307 Views

Hi SChau10,

 

BIOS updates for all the impacted NUC's are being worked on. Due to other work that is already in process, most of the releases will happen in Q1 of next year. i will update this thread when specific updates are available. Are the 3 NUC models above the ones you are most interested in?

 

Regards,

Ken

Intel Customer Support

KenF_Intel
Moderator
307 Views

Hi Schau10,

 

 

The update for the NUC8i7BN is available at https://downloadcenter.intel.com/download/29347/BIOS-Update-BNKBL357-86A-

We are still waiting for an update for the Swift Canyon NUC's.

 

The update for Dawson Canyon to address SA-00241 is available at https://downloadcenter.intel.com/download/29462/BIOS-Update-DNKBLi5v-86A-

The update for Bean Canyon is at https://downloadcenter.intel.com/download/29453/BIOS-Update-BECFL357-86A-

We are still waiting for an update for Skull Canyon.

 

Regards,

Ken

Intel Customer Support

 

KenF_Intel
Moderator
307 Views

Hi Schau10,

 

The BIOS update for the NUC6i7KYK is available at https://downloadcenter.intel.com/download/29503/BIOS-Update-KYSKLi70-86A-?product=89187

 

Regards,

Ken

Intel Customer Support

SChau10
New Contributor II
307 Views

Hi Ken,

 

Thank you for the new BIOS notifications.

 

I have successfully updated BIOS for my NUC6i7KYK, NUC8i7BEH, NUC7i5BNH & NUC7i5DNHE units, and the latest Intel(R) CSME Version Detection Tool (2.1.0.0) now reports "This system is not vulnerable. It has already been patched." for these systems 👍

 

This leaves just my Swift Canyon NUCs (NUC6i5SYH, NUC6i3SYH) still in need of a BIOS update to bring the CSME FW version forward.

 

 

KenF_Intel
Moderator
307 Views

Thanks for the update Schau10.

 

I'm waiting to hear from engineering on updates for NUC6xxSY models.

SChau10
New Contributor II
307 Views

One correction to my previous post.

 

Intel(R) CSME Version Detection Tool 2.1.0.0 actually reports Bean Canyon (NUC8ixBE) with BIOS 0078 as vulnerable, apparently due to CSME firmware being 12.0.47.1524, while Intel CSME Security Advisory SA-00307 indicates the CSME firmware needs to be updated to 12.0.49 to address this vulnerability.

 

Is another BIOS release for Bean Canyon in the works to move the CSME firmware revision forward again?

 

KenF_Intel
Moderator
307 Views

Hi SChau10,

 

Yes, a BIOS update for NUC8iXBE products to new CSME firmware is in the works. It will several months before it is released.

 

Regards,

Ken

Intel Customer Support

KenF_Intel
Moderator
307 Views

Hi SChau10,

 

In regards to your original question on Baby Canyon (NUC7xxBN), an updated BIOS was released in May and is available here: https://downloadcenter.intel.com/download/29569/BIOS-Update-BNKBL357-86A-?product=95066

No BIOS updates are currently planned for the Swift Canyon (NUC6xxSY).

BIOS updates for Bean Canyon are in progress.

 

As you may have realized by now, Intel is constantly evaluating the security of our products and also constantly releasing fixes for them. Unfortunately, due to the number of products to be updated there are likely to be continuing where our BIOS's are not up-to-date with the most recent detection tool vulnerabilities.

 

I recommend you install our Intel Driver Support Assistant to receive notifications when new drivers and BIOS's become available.

 

With your permission, I would like to close this case.

 

Regards,

Ken

Intel Customer Support

Ronny_G_Intel
Moderator
257 Views

Hi SChau10,

My apologies for the long delay in getting this issue addressed. BIOS 0073 for NUC6ixSY will be available in Download Center sometime this week and it will include the fix for Intel-SA-00213.

Please keep an eye on https://downloadcenter.intel.com/product/89190/Intel-NUC-Kit-NUC6i5SYH 

 

Regards,

Ronny G

Reply