Intel ME Security Vulnerability
Add-on
Release Notes
Release Date: 2018-01
Copyright © 2018 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are
trademarks of Dell Inc. or its subsidiaries. Other trademarks may be trademarks of their respective
owners.
Release type and definition
Current version
Supported platforms
Parameters to install Intel ME add-on
Installing Intel ME add-on using Wyse Device Manager
Installing Intel ME add-on using Wyse Management Suite
Installing Intel ME add-on using System Center 2016 Configuration Manager (SCCM)
Known issues
Add-on information
Important notes
Contents
Adding device to new device collection ......................................................................................................... 6
Creating a package ........................................................................................................................................... 6
Distributing content .......................................................................................................................................... 7
Creating a task sequence ................................................................................................................................ 7
Deploying task sequence ................................................................................................................................. 8
................................................................................................................. 3
................................................................................................................... 8
........................................................................................................... 8
................................................................................................................ 9
................................................................................................. 3
......................................................................................................... 3
.................................................................................. 4
........................................................... 5
....................................................... 5
................ 6
Intel ME Security Vulnerability Add-on | 2
Sl.no
Add-on file name
Driver version
1
2
3
Platform name
Build
Intel ME
Intel ME
Add-on file
BIOS
Wyse 7040 thin
client with WES7P
7040_7065_3
2GB.exe
11.7.0.1045
11.8.50.3426
IntelME_7040.
EXE
1.5.4
Latitude E7270
mobile thin client
E7270_7065_
128GB.exe
11.7.0.1045
11.8.50.3426
IntelME_E7270
.EXE
1.18.5
Platform name
Build
Intel ME
Intel ME
Add-on name
BIOS
Wyse 7040 thin
IoT
7040_0A62_3
11.7.0.1045
11.8.50.3426
IntelME_7040.
1.5.4
Importance
URGENT: Dell highly recommends applying this update as soon as possible. The update contains changes
to improve the security, reliability and availability of your Dell system.
Software releases are created to correct defects, make enhancements, or add new features. These
releases are tested on all current, actively shipping platforms and operating systems as applicable. This
release notes contain details on the supported platforms, any changes in the configuration settings and
licensing details as well. The bug fixes along with the workarounds are documented in the release notes.
Any changes in the feature functionality from an end-user perspective are listed with the description of
each feature at a high level.
Release type and definition
This release signifies Intel Management Engine Vulnerability remediation for the following platforms:
• Wyse 7040 thin client with WES7P
• Wyse 7040 thin client with Win10 IoT
• Latitude E7270 mobile thin client with WES7P
• Latitude 3480 mobile thin client with Win10 IoT
• Latitude 5280 mobile thin client with Win10 IoT
For information about Intel ME Vulnerability, see the Intel® Management Engine Critical Firmware Update
(Intel-SA-00086) article at www.intel.com
.
Current version
Table 1. Current version
IntelME_7040.EXE 11.7.0.1045
IntelME_E7270.EXE 11.7.0.1045
IntelME_3480_5280.EXE 11.7.0.1045
Supported matrix
Table 2. Windows Embedded Standard 7 Professional
Interface Driver
version
Table 3. Windows 10 IoT Enterprise Threshold
Firmware version
name
version
client with Win 10
2GB.exe
Interface Driver
version
Firmware version
EXE
version
Intel ME Security Vulnerability Add-on | 3
Platform name
Build
Intel ME
Intel ME
Add-on name
BIOS
Latitude 5280
with Win 10 IoT
5280_0A64_
11.7.0.1045
11.8.50.3426
IntelME_3480_
1.8.1
Latitude 3480
with Win 10 IoT
3480_0A63_3
11.7.0.1045
11.8.50.3426
IntelME_3480_
1.5.5
Management server
Version
Operating System
Wyse Device Manager (WDM)
5.7.2
Windows Server 2012 R2
Wyse Management Suite (WMS)
1.1
Windows Server 2012 R2
System Center Configuration Manager (SCCM)
Microsoft System Center
5.0.8412.1000
Windows Server 2016
Add-on file name
BIOS file name
IntelME_7040.EXE
Wyse_7040_1.5.4.exe
IntelME_E7270.EXE
Latitude_E7270_1.18.5.exe
IntelME_3480_5280.EXE
Latitude_3480_1.5.5.exe
Platforms
File name
Command parameters
Wyse 7040 thin client with WES7P
IntelME_7040.EXE
/s /f
Latitude E7270 mobile thin client
IntelME_E7270.EXE
/s /f
Latitude 3480 mobile thin client
with Win10 IoT
IntelME_3480_5280.EXE
/s /f
Table 4. Windows 10 IoT Enterprise RedStone
mobile thin client
mobile thin client
Table 5. Management server
Table 6. BIOS details
32GB.exe
2GB.exe
Interface Driver
version
Configuration Manager
2016 Version 1606
Console version:
5.0.8412.1313
Site version:
Firmware version
version
5280.EXE
5280.EXE
version 1607—Operating system
build 14393.1715
Parameters to install Intel ME add-on
Table 7. Parameters
and
Wyse 7040 thin client with Win 10
IoT
with WES7P
with Win10 IoT and
Latitude 5280 mobile thin client
Latitude_5280_1.8.1.exe
Intel ME Security Vulnerability Add-on | 4
Download Wyse Software and Driver
Wyse Support Download
Active
Search
Downloads
Wyse Device Manager Web UI
Applications
Other packages
Create Package (+)
Download
Browse
Upload.
Applications
Other packages.
Devices
Update
Select Packages
Other Package
Intel ME add-on
Save
Update Now
Download Wyse Software and Driver
Wyse Support Download
Active
Search
Downloads
Portal Admin
Local Repository
Sync Files
Apps and Data
Installing Intel ME add-on using Wyse Device Manager
NOTE: You can deploy the BIOS add-on using EXE file deployment method. The RSP file deployment
method is not applicable.
1. Go to the Dell Wyse support.
2. Expand
3. Click
4. From the
5. The
6. Download the respective .exe file to your system.
7. Copy the downloaded .exe file to the Wyse Device Management server or to a local repository.
8. Double-click the
web console using valid credentials.
9. Go to
10. Click the
11. Click
server.
12. Double-click the respective .exe file.
The WDM Package Registration Utility window is displayed.
13. In the WDM Package Registration Utility window, select the respective .exe file and click
14. Navigate to the folder where you have downloaded the Intel ME .exe file.
15. Select the .exe file, operating system, and command parameters appropriately. For parameters,
see Parameters to install Intel ME add-on.
16. Click
Intel ME add-on package is listed under
17. Click
18. Click
19. Go to
20. Click
drop-down list, select your thin client model, and click
page is displayed.
>
, and save the Package Register utility file to the Wyse Device Management
, and select a checked-in device where you want to install the add-on.
.
>
, and then click
.
button.
.
.
, and select the
.
icon, and log in to the Wyse Device Management
>
.
package.
.
Installing Intel ME add-on using Wyse Management Suite
1. Go to the Dell Wyse support.
2. Expand
3. Click
4. From the
The
5. Download the respective .exe file to your system.
6. Copy the downloaded .exe file to the Wyse Management Suite server repository. For example,
copy the downloaded file to C:\Share\ repository\thinClientApps folder.
7. Log in to Wyse Management Suite.
8. Click
9. Click the
10. Wait for the synchronization to complete, and click
drop-down list, select your thin client model, and click
page is displayed.
, and select the
button.
.
.
check box.
.
.
Intel ME Security Vulnerability Add-on | 5
Groups
Plus sign (+)
Apps and Data
Thin Client
App Policies
Add Policy
Install Application
WES
Save
Preview and schedule
Jobs
Schedule App Policy
Update Now
Prerequisites
Control Panel > Configuration Manager > Site > Configuration Settings
Configuration Manager service location
Actions
Run Now
Assets and Compliance
Device Collections
Add Selected Items
Add Selected Items to
Existing Device collection.
Device Collections
Assets and Compliance
Device Collections
Download Wyse Software and Driver
Wyse Support Download
Active
Search
Software Library
Overview
Application management
Packages
Packages
Create Package
11. Verify the Intel ME add-on package in the applications list.
12. To create a group in the Wyse Management Suite server, click
13. Click the
14. Click the
15. Click
16. Select the task as
filter according to the operating system and platform.
17. Select the application, and enter the valid parameter. For parameters, see Parameters to install
Intel ME add-on
18. Click
19. To schedule the policy, click
20. Click
21. Click
, and update the required details.
.
, and select
button, and register your client in the same group.
option, and click
.
, OS type as
.
under
, and select the OS sub filter and platform
.
.
.
Installing Intel ME add-on using System Center 2016 Configuration Manager (SCCM)
• Add the thin client to the SCCM server domain and restart.
• Log in to the thin client with valid SCCM domain credentials.
• Change the time zone and time (HH:MM:SS) according to the SCCM server.
• Go to
• In the
• In the
• A sys-tray pop-up message is displayed, and the new software is available for installation.
:
tab, select each action, and click
section, enter the site code
.
Adding device to new device collection
1. Go to
2. In the Devices list, right-click a device, and click
3. In the
4. In the
added.
window, select the device to add to the collection, and click OK.
>
section, click
.
>
and verify whether the device is
Creating a package
1. Go to the Dell Wyse support.
2. Expand
3. Click
4. From the
The Downloads page is displayed.
5. Download the respective .exe file.
6. Copy the installation package to the share folder.
7. Expand
8. Right-click
9. Enter the package name, description, manufacturer name, language, and version.
drop-down list, select your thin client model, and click
and click
.
>
>
.
.
>
.
.
Intel ME Security Vulnerability Add-on | 6
Next
Next
Standard Program
Browse
--silent
Next
Platforms
Command line
Wyse 7040 thin client with WES7P and
Wyse 7040 thin client with Win 10 IoT
IntelME_7040.EXE /s /f
Latitude E7270 mobile thin client with
IntelME_E7270.EXE /s /f
Latitude 3480 mobile thin client with
Win10 IoT
IntelME_3480_5280.EXE /s /f
Next,
Next
Close.
Application Management
Package
Distribute Content
Distribute content
Add
Distribution Point
Next
Next
Close
Deploy
Collection
Next
Add
Distribution Point
OK
Next
Close
Wyse Support Download
Active
Search
10. Click
11. Browse to the source folder where you have copied the sysprep files.
12. Click
13. Select the
14. Enter the required details and Click
15. Select the .exe file as the command line and provide the parameters.
16. Click
17. Select the appropriate name, command line detail according to the platforms mentioned below.
18. Click
19. Verify the information that you have provided and click
20. Click
.
.
The Standard Program page is displayed.
The silent installation parameter is
.
WES7P
Win10 IoT and
Latitude 5280 mobile thin client with
and do not change the settings.
The newly created packages are listed in the
option as the program type.
.
to navigate to the .exe file location.
.
under
.
Distributing content
1. In the
2. From the
3. Select the program, and click
4. Verify the information that you have provided on the summary page and click
5. Click
6. Right-click the created package and click
7. Click the
8. Click
9. From the
10. Select the available distribution points, and click
11. Click
12. Click
click
drop-down list, select
.
.
drop-down list, select
to complete the deployment process.
.
The content status is displayed in green. It may take a few minutes to complete the distribution
process.
wizard, right-click the software package which you have created, and
.
.
option, and browse to the device list.
.
.
.
.
Creating a task sequence
1. Go to the Dell Wyse support.
2. Expand Download Wyse Software and Driver.
3. Click
4. From the
drop-down list, select your thin client model, and click
.
.
.
Intel ME Security Vulnerability Add-on | 7
Downloads
Software Library
Overview
Operating Systems
Task Sequence
Create Task Sequence
Install
Next
Next
Edit
Add
Software
Install Package
Apply
OK
Start > All Programs > Microsoft System Center > Configuration Manager Console
Software Library.
Overview > Operating Systems > Task Sequences
Task Sequences
Deploy
Browse
Known issues
Workaround
Wyse Device Manager: C:\Temp is not deleted, and
Edit the .rsp manually in the server side with DT
SCCM: C:\Temp is not deleted.
Not Applicable
Intel ME driver add-on deployment from the SCCM
Deploy the add-on without task sequence.
Note
Platforms
•
Add-on name
IntelME_7040.EXE
Type of file
Application (.exe)
Size
107 MB—113,120,704 bytes
Driver version
11.7.0.1045
The
5. Download the respective .exe file.
6. Copy the installation package to the share folder.
7. Expand
8. Right-click
9. In the New Task Sequence wizard, select
10. Enter the Task sequence name, select the appropriate boot image, and then click
11. Right-click the deployment task sequence, and click
12. From the
13. Select the created package and click
14. Click
15. Deploy the modified task sequence to the required device collection.
.
page is displayed.
>
drop-down list, select
, and click
>
an existing image package, and click
.
>
.
.
.
.
Deploying task sequence
1. Click
2. Click
3. Expand
4. Click
5. Enter the task name and click
6. Select the newly created Devices Collection from the list.
The System Center Configuration Manger window is displayed
.
, and right-click
.
.
.
.
.
Known issues
Table 8. Known issues
the lock screen is not available when you push from
Wyse Device Manager.
server fails while deploying the add-on using task
sequence.
Add-on information
Table 9. Add-on information
Wyse 7040 thin client with WES7P
• Wyse 7040 thin client with Win10 IoT
command to delete C:\Temp and enable lock screen
with LU and EL.
: An error on the server side is present.
Intel ME Security Vulnerability Add-on | 8
Language
English—United States
Platforms
Latitude E7270 mobile thin client with WES7P
Add-on name
IntelME_E7270.EXE
Type of file
Size
Driver version
Language
Platforms
•
Add-on Name
IntelME_3480_5280.EXE
Type of file
Application (.exe)
Size
107 MB—113,120,704 bytes
Driver version
12.0.0.448
Language
English—United States
Application (.exe)
107 MB—113,120,704 bytes
11.7.0.1045
English—United States
Latitude 3480 mobile thin client with Win10 IoT
• Latitude 5280 mobile thin client with Win10 IoT
Important notes
Table 10. Additional information
SL.NO Platform Information
1 Wyse 7040 thin client with WES7P
2 Wyse 7040 thin client with Win10 IoT
3 Latitude E7270 mobile thin client with WES7P
4 Latitude 3480 mobile thin client with Win10 IoT
5 Latitude 5280 mobile thin client with Win10 IoT
Thin clients restart twice
after you push the addon with write filter
enabled.
Intel ME Security Vulnerability Add-on | 9
Loading...