Software Storage Technologies
Virtual RAID, RSTe, and Memory Drive Technology
Announcements
Looking for our RealSense Community? Click HERE

Looking for RAID, VROC? You found the forum to ask questions!
332 Discussions

Vulnerable VROC software, no updates available from OEMs

Terabyte
Beginner
460 Views

So Intel has a problem, they love to put out drivers (processors too) with lots of vulnerabilities then ignore the problems until some company gets attacked.  VROC is yet another example and they've done little to nothing to solve it.   OEMs like Dell continue to ship ancient versions of VROC, like 7.7.6.1003 with numerous known vulnerabilities and their CVE notice says that all versions before 8.6 have one or more of the issues yet Intel refuses to make 8.6 or later available for system owners, rather relying on the likes of Dell to release updates but those OEMs never release updates in any kind of timely fashion.  Dell released 7.7.6.1003 two months AFTER the first of the CVE notices about 7.7 and now over a year later they've still not posted anything newer.  Looking at even newer Dell Precision Workstations those have 8.5, not even 8.6.

 

It's time for Intel to 1) make drivers available to all so we can keep our systems and networks secured since OEMs clearly only care about selling systems, not supporting customers after the sale; &/or 2) force OEMs to carry and release the latest drivers to address CVEs.

 

For now, I'm going to disable RAID in the BIOS and move all our Win11 Pro systems to AHCI which is faster anyway and ditch Intel's vulnerable software all together.

0 Kudos
4 Replies
Simon-Intel
Employee
450 Views

Hi Terabyte,

 

Thanks for your honest feedback.

 

The reason why the Intel VROC drivers are shared with the OEMs and not with end-customers directly is because system vendors may customize the Intel VROC package for their specific platforms. Since VROC is highly dependent on the platform being used, it's the OEM decision to decide in which platforms they want to offer VROC, and which VROC versions they will support. Following that line, customers should always contact the system manufacturer with support questions about their specific hardware or software configuration.

 

From Intel side, we do our best to make available generic Intel VROC information like security advisories, product information including User Guides, Release Notes, and additional content to help users use Intel VROC in their specific platforms, however as this information is all generic and not tailored for specific OEMs or platforms, we always recommend to reference the OEM for a full list of available feature sets. If any of the information referenced in our generic collaterals conflict with the support information provided by the platform OEM, the platform documentation and configurations take precedence.

 

Nevertheless, we appreciate your feedback and will take it in consideration.

 

Some useful links you may want to bookmark are the following:

 

Intel Security Advisories

Intel VROC Support Resources

Intel VROC Product Page

 

Regards,

Simon

Intel Support Engineer

 

0 Kudos
Terabyte
Beginner
262 Views

With all due respect that's GARBAGE and you know it.  OEMs like Dell and HP rarely, if ever, update drivers.  You used to pull this stunt with video drivers for Intel chipsets with the same, old, tired, full-of-holes excuse you shoveled here.  YOU created the defective drivers.  YOU gave them to OEMs.  YOU are responsible for getting updates to end users.  Sooner or later someone is going to get breached because of your lousy drivers (notice how many CVEs there have been to the various iterations of whatever you want to call your software RAID system?????).  You can change the name all day long, but in the end, RST, VROC, whatever, it's still YOUR code and YOU are responsible.  Either FORCE OEMs to distribute current drivers OR FORCE OEMs to leave your chipset alone so users can get drivers from you.

 

BTW, in the end, you finally gave up and allowed users to download video drivers because it took months, years, or NEVER for OEMs to update them and users were furious.  In the end, maybe it is time for Intel to be purchased and a LOT of house cleaning done.

0 Kudos
Simon-Intel
Employee
381 Views

Hi Terabyte,

 

Thank you for contacting Intel.

 

This is the first follow-up regarding the issue you reported to us.

 

I wanted to inquire whether you had the opportunity to review my previous message.

 

Feel free to reply to this message, and we'll be more than happy to assist you further.

 

Regards,

Simon

Intel Support Engineer

 

 

0 Kudos
Simon-Intel
Employee
281 Views

Hello Terabyte,


Greetings for the day!


We would like to inform you that we are closing this request as no response has been received from our previous follow-ups. 


Please don't hesitate to ask any further questions in the future. Feel free to start a new conversation, as this thread will no longer be monitored.

 

Regards,

Simon

Intel Customer Support Technician

intel.com/vroc


0 Kudos
Reply