Vulnerability SA-00086 Mitigation

Intel recently made an announcement regarding vulnerability SA-00086 on their site.

The vulnerability affects, among other things, all servers with motherboard X11SSL-F. These include the following dedicated servers:

  • EL-10-SSD
  • EL-20-SSD
  • EL-30-SSD

Custom servers built on Intel Xeon E3-1230v5/v6 and Intel E3-1270v5/v6 processors and the X11SSL-F motherboard are also affected.

The vulnerability also affects servers built on the S2600WFT motherboard and dedicated servers built on processors from the Intel Xeon Scalable SP processor family:

  • PL11-SSD
  • PL21-SSD
  • PL31-SSD

You can check your server´s configuration in the Control Panel:

A critical firmware update has been released to resolve this vulnerability. To protect your system and prevent any potential issues, the BIOS firmware on these systems should be updated to the latest version.

If your server uses an X11SSL-F motherboard, you can update the firmware yourself from our PXE server (details below).

For other server configurations, the firmware can only be updated manually by physically accessing the server. If you lease a dedicated server running another affected platform, please submit a ticket to tech support, and our engineers will assist in making the update.

Updating X11SSL-F Firmware

  1. In the server control open the Power & Boot tab.
  2. From the list of options, select Boot to Boot Menu.

  3. Click Reboot and open the noVNC console (the icon in the upper right-right corner of the control panel; the console will open in a new window).
  4. In the boot menu, scroll down to Tools and Utilities.
  5. Select Update BIOS for X11SSL.

  6. The firmware update will begin. When the update is complete, you will be shown the following message:
  7. Click the Power Off icon in the console and turn off your server.
  8. Afterwards, boot up your server with the Power On button.

 

Important Notice

After choosing the "update BIOS" option, your server may reboot and then launch the firmware update. This is not an error or malfunction; in order to modify the firmware, the motherboard has to be in manufacturing mode. If the mother board is in any other mode at this time, the firmware utility will force it into manufacturing mode; this is why the server reboots. After the reboot, you will again have to choose the option Update BIOS for X11SSL from the menu and repeat the sequence.