11-28-2017 03:24 PM
I have a Flex 3-1580 model 80R4. The Intel-SA-00086 detection tool says this system is vulnerable but on the Lenovo Security Advisory page LEN-17297 this model isn't listed.
When will the security update for my system be available or where can I find it if it's available now?
I did also download a BIOS update on the support page for my system but when I run it, it says its only for "Ideapad 300S-14ISK, Ideapad 500S-14ISK, Lenovo Yoga 500-14ISK, Edge 2 1580." None of those are my system so I didn't run the update. Why would your support page serve up a BIOS update that isn't explicitly for my system - potentially bricking it!?
11-28-2017 03:54 PM
I cannot speak to the vulnerability or when Lenovo will release patch for your system, but per the readme.txt file that accompanies the Version D3CN35WW BIOS Update, it does support your model
From the Readme.txt
"This package updates the basic input/output system (BIOS) on ideapad 300S-14ISK, ideapad 500S-14ISK, Lenovo Edge 2-1580, Lenovo Flex 3-1480, Flex 3-1580, Yoga 500-14ISK, Yoga 500-15ISK"
11-28-2017 05:01 PM
Thanks for pointing that out! However the BIOS updater itself lists in 2 different windows the following:
"1. This package is built for Lenovo Ideapad 300S-14ISK/Ideapad 500S-14ISK/Lenovo Yoga 500-14ISK/Lenovo Yoga 500-15ISK/Edge 2 1580 only, do not try it on other machines. 2. Do not change the default installation path. 3. System will automatically reboot after BIOS update, Please save and close your opening documents before update process beginning 4. Make sure the battery is fully charged and AC adapter is plug-in before you updating BIOS 5. Please load default in BIOS setup menu before executing this program."
So until Lenovo gets around to updating the warning text in the actual update utility, I'll have to error on the side of caution and choose not to accidently brick my machine just because someone updated a readme file. Since the readme and the updater don't match - I have to side with the warning in the updater.
Also, the BIOS update in question (Version D3CN35WW) is so old as to likely NOT fix the Intel-SA-00086 vulnerability anyway. I'll just have to wait I guess.
11-30-2017 07:36 AM
So what I have read is many PC makers won't have fixes til December at the earliest and my understanding is Lenovo is focused on ThinkPads first mainly because they affect the business side. The consumer line (IdealPads) will most likely get them later. Since this has been a issue a while now, I would not worry so much about. If your so inclined some have simply disabled AMT in Windows drivers or if available in bios. Although I really don't see this as a imminent threat where anyone has reported seeing anything trying to attack the vulnerability. This takes a while to develop and test firmware so it performs as expected.
12-01-2017 10:23 AM
Hi mccoy12000, welcome to the Community,
Thank you for bringing this to our attention. When as you have done, reading the notices, clearly it is worrying as to whether or not updating the BIOS could be the cause of further issues.
I have been assured by engineers that the messages you are seeing during the installation process are incorrect to the extent that they do not include the Flex systems included in the readme file. They have run the BIOS update successfully on the Flex 3-1580 and again assured me that it is the correct BIOS for that system.
Again, thank you for pointing this out, we are taking steps to correct the issue to avoid further confusion.
English Community Leader
Please remember to come back and mark the post that you feel solved your question as the solution, it earns the member + points
Did you find a post helpfull? You can thank the member by clicking on the star below their post awarding them Kudos
T430 2347-G7U W8 x64, Yoga 10 HD+, Tablet 1838-2BG, T61p 6460-67G W7 x64, T43p 2668-G2G XP, T23 2647-9LG XP, plus a few more.
Please don't ask me questions by Personal Message; questions belong in the forums.
12-01-2017 01:41 PM
Thanks for the clarification. But this doesn't actually address my question in my Original Post, which is basically: does Version D3CN35WW BIOS Update actually fix the Intel-SA-00086 vulnerability? And if not when is a fix expected?