News 1/4
Getac Technology Corporation Statement on Trusted Platform Module Firmware Security Update
2022/05/30
Getac Technology Corporation Statement on Trusted Platform Module Firmware Security Update Notice:Getac Technology Corporation (“Getac”) continues to work on qualifying and applying the fixes provided by Nuvoton Technology Corporation (“Nuvoton”) to supported Getac systems. Please refer to the table below to identify fixes for your systems. Release Date: 1st Apr, 2022Last Updated: 30 May, 2022 Summary: Nuvoton has informed Getac of a potential vulnerability that an attacker with physical access to Nuvoton Trusted Platform Module (“TPM”) NPCT75x (7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography private key via a side-channel attack against ECDSA because of an Observable Timing Discrepancy. (link)CVEID: CVE-2020-25082 Getac Affected Products and Recommendations:1. For certain products currently being manufactured or already in the field, Getac will also release solutions for the update. Please check the affected products in the table below. 2. The latest version solution is backwards-compatible with the previous version.Getac Affected Products and SolutionProduct NameCPU GenerationTPMFW VersionRelease DateSolution LinkA14010th Gen7.2.1.030 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035B3008th Gen7.2.0.1 / 7.2.0.230 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035B36010th Gen7.2.1.030 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035F1108th Gen7.2.0.1 / 7.2.0.230 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035F11011th Gen7.2.1.030 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035K1208th Gen7.2.0.1 / 7.2.0.230 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035K12011th Gen7.2.1.030 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035S4108th Gen7.2.0.1 / 7.2.0.230 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035S41011th Gen7.2.1.030 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035UX108th Gen7.2.0.1 / 7.2.0.230 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035UX1010th Gen7.2.1.030 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035V1108th Gen7.2.0.1 / 7.2.0.230 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035V11010th Gen7.2.1.030 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035RX107th Gen7.2.0.1 / 7.2.0.230 May, 2022https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035* Please note that the schedule above is subject to change due to test status. Getac Disclaimer:All content and other information mentioned in this statement or offered arising from the issue described herein are provided on an “as is ” basis. Getac hereby expressly disclaims any warranties of any kind, express or implied, including without limitation warranties of merchantability, fitness for any particular purpose, non-infringement of intellectual property. All products, information, and figures specified are preliminary based on current expectations and Getac reserves the right to change or update any content thereof at any time without prior notice. Getac assessments have been estimated or simulated using Getac internal analysis or architecture simulation or modeling, and may not represent the actual risk to the users’ local installation and individual environment. Users are recommended to determine the applicability of this statement to their specified environments and take appropriate actions. The use of this statement, and all consequences of such use, is solely at the user’s own responsibility, risk, and expense thereof. In no event shall Getac or any of its affiliates be liable for any and all claims, damages, costs or expenses, including without limitation, loss of profits, loss of data, loss of business expectancy, compensatory, direct, indirect, consequential, punitive, special, or incidental damages or business interruption arising out of or in connection with related to the information contained herein or actions that the user decides to take based thereon. Getac reserves the right to interpret this disclaimer and update this disclaimer whenever necessary.
Getac Technology Corporation Statement on Intel security update (2021.2 IPU)
2022/03/01
Getac Technology Corporation Statement on Intel security update (2021.2 IPU) NOTICE: Getac Technology Corporation (“Getac”) continues to work on qualifying and applying the fixes provided by Intel on supported Getac systems. Please refer to the table below to identify fixes for your systems. Release Date: 1st Mar, 2022 Last Updated: 1st Mar, 2022Summary: SA-00470: Potential security vulnerabilities in some Intel® Chipset Firmware in Intel® Server Platform Services (SPS), Intel® Active Management Technology (AMT) and the Intel Power Management Controller (PMC) may allow escalation of privilege or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. (link)CVEID: CVE-2021-0060 / CVEID: CVE-2021-33068 / CVEID: CVE-2021-0147 SA-00509: Potential security vulnerabilities in some Intel® PROSet/Wireless WiFi and Killer™ WiFi may allow escalation of privilege, denial of service or information disclosure. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. (link)CVEID: CVE-2021-0063 / CVEID: CVE-2021-0078 / CVEID: CVE-2021-0071 / CVEID: CVE-2021-0082 / CVEID: CVE-2021-0064 / CVEID: CVE-2021-0065 / CVEID: CVE-2021-0069 / CVEID: CVE-2021-0075 / CVEID: CVE-2021-0079 / CVEID: CVE-2021-0053 SA-00527: Potential security vulnerabilities in the BIOS firmware for some Intel® processors may allow escalation of privilege, denial of service or information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities. (link)CVEID: CVE-2021-0103 / CVEID: CVE-2021-0114 / CVEID: CVE-2021-0115 / CVEID: CVE-2021-0116 / CVEID: CVE-2021-0117 / CVEID: CVE-2021-0118 / CVEID: CVE-2021-0099 / CVEID: CVE-2021-0156 / CVEID: CVE-2021-0111 / CVEID: CVE-2021-0107 / CVEID: CVE-2021-0125 / CVEID: CVE-2021-0124 / CVEID: CVE-2021-0119 / CVEID: CVE-2021-0092 / CVEID: CVE-2021-0091 / CVEID: CVE-2021-0093 SA-00532: A potential security vulnerability in some Intel® processors that may allow a denial of service. Intel® is releasing firmware updates to mitigate this potential vulnerability. (link)CVEID: CVE-2021-0127 SA-00533: A potential security vulnerability in some Intel® Thunderbolt™ Declarative Componentized Hardware (DCH) Drivers for Windows may allow denial of service. Intel is releasing software updates to mitigate this potential vulnerability. (link)CVEID: CVE-2021-0110 SA-00539: Potential security vulnerabilities in some Intel® PROSet/Wireless Wi-Fi, Intel® Active Management Technology (Intel® AMT) Wireless and Killer™ Wi-Fi may allow escalation of privilege, denial of service or information disclosure. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. (link)CVEID: CVE-2021-0162 / CVEID: CVE-2021-0163 / CVEID: CVE-2021-0161 / CVEID: CVE-2021-0164 / CVEID: CVE-2021-0165 / CVEID: CVE-2021-0066 / CVEID: CVE-2021-0166 / CVEID: CVE-2021-0167 / CVEID: CVE-2021-0169 / CVEID: CVE-2021-0168 / CVEID: CVE-2021-0170 / CVEID: CVE-2021-0171 / CVEID: CVE-2021-0172 / CVEID: CVE-2021-0173 / CVEID: CVE-2021-0174 / CVEID: CVE-2021-0175 / CVEID: CVE-2021-0076 / CVEID: CVE-2021-0176 / CVEID: CVE-2021-0177 / CVEID: CVE-2021-0178 / CVEID: CVE-2021-0179 / CVEID: CVE-2021-0183 / CVEID: CVE-2021-0072 SA-00540: Potential security vulnerabilities in the installer for some Intel® Wireless Bluetooth® and Killer™ Bluetooth® products may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. (link)CVEID: CVE-2021-0151 / CVEID: CVE-2021-0152 SA-00561: A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. (link)CVEID: CVE-2021-0145 SA-00562: Potential security vulnerabilities in the BIOS reference code for some Intel® processors may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. (link)CVEID: CVE-2021-0157 / CVEID: CVE-2021-0158 SA-00566: Potential security vulnerabilities in some Intel® graphics drivers may allow escalation of privilege or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. (link)CVEID: CVE-2021-0121SA-00581: A potential security vulnerability in some Intel® Wireless Bluetooth® products and Killer™ Bluetooth® products may allow denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities. (link)CVEID: CVE-2021-33110 SA-00582: Potential security vulnerabilities in some Intel® PROSet/Wireless WiFi and Killer™ WiFi products may allow escalation of privilege, denial of service or information disclosure. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. (link)CVEID: CVE-2021-33113 / CVEID: CVE-2021-33115 / CVEID: CVE-2021-33114 SA-00604: Potential security vulnerabilities in some Intel® Wireless Bluetooth® and Killer™ Bluetooth® products may allow denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. (link)CVEID: CVE-2021-33139 / CVEID: CVE-2021-33155Getac Affected Products and Recommendation: 1. For certain products currently being manufactured or already in the field, Getac will also release solutions for the update. Please check the affected products in the table below: 2. The latest version solution is backwards-compatible with the previous version. GETAC AFFECTED PRODUCTS AND SOLUTION (SA-00470 / SA-00539)Product NameCPU GenerationME FWVersionME FWRelease DateLatest ME FW Please click on the links below to download X5007th Gen Core11.8.90.3987Donehttps://support.getac.com/Service/FileReader?fileid=110318&cateid=100183S4106th Gen Core11.8.90.3987Donehttps://support.getac.com/Service/FileReader?fileid=110317&cateid=1001837th & 8th Gen Core11.8.90.3987Donehttps://support.getac.com/Service/FileReader?fileid=110317&cateid=1001838th Gen Core(Whiskey Lake)12.0.85.1869Donehttps://support.getac.com/Service/FileReader?fileid=110319&cateid=10018311th Gen Core15.0.35.1951Donehttps://support.getac.com/Service/FileReader?fileid=110323&cateid=100183A1406th Gen Core11.8.90.3987Donehttps://support.getac.com/Service/FileReader?fileid=110317&cateid=100183 10th Gen Core14.1.60.1807Donehttps://support.getac.com/Service/FileReader?fileid=110320&cateid=100183 B3006th Gen Core11.8.90.3987Donehttps://support.getac.com/Service/FileReader?fileid=110317&cateid=1001838th Gen Core11.8.90.3987Donehttps://support.getac.com/Service/FileReader?fileid=110317&cateid=100183B36010th Gen Core14.1.60.1807Donehttps://support.getac.com/Service/FileReader?fileid=110320&cateid=100183K1208th Gen Core11.8.90.3987Donehttps://support.getac.com/Service/FileReader?fileid=110317&cateid=10018311th Gen Core15.0.35.1951Donehttps://support.getac.com/Service/FileReader?fileid=110321&cateid=100183V1106th Gen Core11.8.90.3987Donehttps://support.getac.com/Service/FileReader?fileid=110317&cateid=100183 7th Gen Core11.8.90.3987Donehttps://support.getac.com/Service/FileReader?fileid=110317&cateid=1001838th Gen Core(Whiskey Lake)12.0.85.1869Donehttps://support.getac.com/Service/FileReader?fileid=110319&cateid=100183 10th Gen Core14.1.60.1807Donehttps://support.getac.com/Service/FileReader?fileid=110320&cateid=100183F1106th Gen Core11.8.90.3987Donehttps://support.getac.com/Service/FileReader?fileid=110317&cateid=1001837th Gen Core11.8.90.3987Donehttps://support.getac.com/Service/FileReader?fileid=110317&cateid=1001838th Gen Core(Whiskey Lake)12.0.85.1869Donehttps://support.getac.com/Service/FileReader?fileid=110319&cateid=10018311th Gen Core15.0.35.1951Donehttps://support.getac.com/Service/FileReader?fileid=110322&cateid=100183UX108th Gen Core(Whiskey Lake)12.0.85.1869Donehttps://support.getac.com/Service/FileReader?fileid=110319&cateid=10018310th Gen Core14.1.60.1807Donehttps://support.getac.com/Service/FileReader?fileid=110320&cateid=100183* Please note that the schedule above is subject to change due to the test status. GETAC AFFECTED PRODUCTS AND SOLUTION (SA-00527 )Product NameCPU GenerationSINIT DriverVersionDriverRelease DateLatest Driver Please click on the links below to downloadS41011th Gen Core1.14.254/8/2022https://support.getac.com/Portal/Page/763 K12011th Gen Core1.14.254/8/2022https://support.getac.com/Portal/Page/763 F11011th Gen Core1.14.254/8/2022https://support.getac.com/Portal/Page/763 * Please note that the schedule above is subject to change due to the test status. GETAC AFFECTED PRODUCTS AND SOLUTION (SA-00509 / SA-00539 / SA-00540 / SA-00581 / SA-00582 / SA-00604)Product NameCPU GenerationWiFi / Bluetooth Driver VersionDriver Release DateLatest Driver Please click on the links below to downloadX5007th Gen Core22.1104/8/2022https://support.getac.com/Portal/Page/763 S4106th Gen Core22.1104/8/2022https://support.getac.com/Portal/Page/763 7th & 8th Gen Core22.1104/8/2022https://support.getac.com/Portal/Page/763 8th Gen Core(Whiskey Lake)22.1104/8/2022https://support.getac.com/Portal/Page/763 11th Gen Core22.1104/8/2022https://support.getac.com/Portal/Page/763 A1406th Gen Core22.11048/2022https://support.getac.com/Portal/Page/763 10th Gen Core22.1104/8/2022https://support.getac.com/Portal/Page/763 B3006th Gen Core22.1104/8/2022https://support.getac.com/Portal/Page/763 8th Gen Core22.1104/8/2022https://support.getac.com/Portal/Page/763 B36010th Gen Core22.604/8/2022https://support.getac.com/Portal/Page/763 K1208th Gen Core22.1104/8/2022https://support.getac.com/Portal/Page/763 11th Gen Core22.604/8/2022https://support.getac.com/Portal/Page/763 V1106th Gen Core22.11048/2022https://support.getac.com/Portal/Page/763 7th Gen Core22.1104/8/2022https://support.getac.com/Portal/Page/763 8th Gen Core(Whiskey Lake)22.1104/8/2022https://support.getac.com/Portal/Page/763 10th Gen Core22.1104/8/2022https://support.getac.com/Portal/Page/763 F1106th Gen Core22.1104/8/2022https://support.getac.com/Portal/Page/763 7th Gen Core22.1104/8/2022https://support.getac.com/Portal/Page/763 8th Gen Core(Whiskey Lake)22.1104/8/2022https://support.getac.com/Portal/Page/763 11th Gen Core22.1104/8/2022https://support.getac.com/Portal/Page/763 UX108th Gen Core(Whiskey Lake)22.1104/8/2022https://support.getac.com/Portal/Page/763 10th Gen Core22.1104/8/2022https://support.getac.com/Portal/Page/763 T800 Cherry Trail22.1104/8/2022https://support.getac.com/Portal/Page/763* Please note that the schedule above is subject to change due to the test status. GETAC AFFECTED PRODUCTS AND SOLUTION (SA-00532 / SA-00561 / SA-00562)Product NameCPU GenerationBIOS VersionBIOSRelease DateLatest BIOS Please click on the links below to downloadX5007th Gen CoreR1.20.0705212022/3/4https://support.getac.com/Portal/Page/763 S4106th Gen CoreR1.28.070520 2022/3/23https://support.getac.com/Portal/Page/763 7th & 8th Gen CoreR1.26.0705202022/3/23https://support.getac.com/Portal/Page/763 8th Gen Core(Whiskey Lake)R1.22.0705202022/3/23https://support.getac.com/Portal/Page/763 11th Gen CoreR1.22.0705202022/2/25https://support.getac.com/Portal/Page/763 A1406th Gen CoreR1.20.0705202022/3/23https://support.getac.com/Portal/Page/763 10th Gen CoreR1.10.0705202022/3/4https://support.getac.com/Portal/Page/763 B3006th Gen CoreR1.22.0705202022/3/23https://support.getac.com/Portal/Page/763 8th Gen CoreR1.15.0705202022/3/23https://support.getac.com/Portal/Page/763 B36010th Gen CoreR1.24.0705202022/3/4https://support.getac.com/Portal/Page/763 K1208th Gen CoreR1.15.0705202022/3/23https://support.getac.com/Portal/Page/763 11th Gen CoreR1.12.0705202022/2/25https://support.getac.com/Portal/Page/763 V1106th Gen CoreR1.25.070520 2022/3/23https://support.getac.com/Portal/Page/763 7th Gen CoreR1.18.070520 2022/3/23https://support.getac.com/Portal/Page/763 8th Gen Core(Whiskey Lake)R1.12.070520 2022/3/23https://support.getac.com/Portal/Page/763 10th Gen CoreR1.09.070520 2022/3/4https://support.getac.com/Portal/Page/763 F1106th Gen CoreR1.16.0705222022/3/23https://support.getac.com/Portal/Page/763 7th Gen CoreR1.16.0705212022/3/23https://support.getac.com/Portal/Page/763 8th Gen Core(Whiskey Lake)R1.16.0705202022/3/4https://support.getac.com/Portal/Page/763 11th Gen CoreR1.07.0705202022/2/25https://support.getac.com/Portal/Page/763 UX108th Gen Core(Whiskey Lake)R1.17.070520 2022/3/23https://support.getac.com/Portal/Page/763 10th Gen CoreR1.14.0705202022/3/4https://support.getac.com/Portal/Page/763 * Please note that the schedule above is subject to change due to the test status. GETAC AFFECTED PRODUCTS AND SOLUTION (SA-00533)Product NameCPU GenerationThunderbolt™ DCH DriverVersionDriverRelease DateLatest DriverPlease click on the links below to downloadS41011th Gen Core1.41.1094.04/8/2022https://support.getac.com/Portal/Page/763 K12011th Gen Core1.41.1054.04/8/2022https://support.getac.com/Portal/Page/763 * Please note that the schedule above is subject to change due to the test status. GETAC AFFECTED PRODUCTS AND SOLUTION (SA-00566)Product NameCPU GenerationGraphics DriverVersionDriver Release DateLatest DriverPlease download from link belowX5007th Gen Core30.0.100.99304/8/2022https://support.getac.com/Portal/Page/763 S4106th Gen Core30.0.100.99294/8/2022https://support.getac.com/Portal/Page/763 7th & 8th Gen Core30.0.100.99294/8/2022https://support.getac.com/Portal/Page/763 8th Gen Core(Whiskey Lake)30.0.100.99294/8/2022https://support.getac.com/Portal/Page/763 11th Gen Core30.0.100.99294/8/2022https://support.getac.com/Portal/Page/763 A1406th Gen Core30.0.100.99294/8/2022https://support.getac.com/Portal/Page/763 10th Gen Core30.0.100.99294/8/2022https://support.getac.com/Portal/Page/763 B3006th Gen Core30.0.100.99294/8/2022https://support.getac.com/Portal/Page/763 8th Gen Core30.0.100.99294/8/2022https://support.getac.com/Portal/Page/763 B36010th Gen Core27.20.100.93164/8/2022https://support.getac.com/Portal/Page/763 K1208th Gen Core30.0.100.99294/8/2022https://support.getac.com/Portal/Page/763 11th Gen Core30.0.100.98364/8/2022https://support.getac.com/Portal/Page/763 V1106th Gen Core30.0.100.99294/8/2022https://support.getac.com/Portal/Page/763 7th Gen Core30.0.100.99294/8/2022https://support.getac.com/Portal/Page/763 8th Gen Core(Whiskey Lake)30.0.100.99294/8/2022https://support.getac.com/Portal/Page/763 10th Gen Core30.0.100.9929 4/8/2022https://support.getac.com/Portal/Page/763 F1106th Gen Core30.0.100.99294/8/2022https://support.getac.com/Portal/Page/763 7th Gen Core30.0.100.99294/8/2022https://support.getac.com/Portal/Page/763 8th Gen Core(Whiskey Lake)30.0.100.99294/8/2022https://support.getac.com/Portal/Page/763 UX108th Gen Core(Whiskey Lake)30.0.100.99294/8/2022https://support.getac.com/Portal/Page/763 10th Gen Core30.0.100.99294/8/2022https://support.getac.com/Portal/Page/763 * Please note that the schedule above is subject to change due to the test status. Getac Disclaimer:All content and other information mentioned in this statement or offered arising from the issue described herein are provided on an “as is ” basis. Getac hereby expressly disclaims any warranties of any kind, express or implied, including without limitation warranties of merchantability, fitness for any particular purpose, non-infringement of intellectual property. All products, information, and figures specified are preliminary based on current expectations and Getac reserves the right to change or update any content thereof at any time without prior notice. Getac assessments have been estimated or simulated using Getac internal analysis or architecture simulation or modeling, and may not represent the actual risk to the users’ local installation and individual environment. Users are recommended to determine the applicability of this statement to their specified environments and take appropriate actions. The use of this statement, and all consequences of such use, is solely at the user’s own responsibility, risk, and expense thereof. In no event shall Getac or any of its affiliates be liable for any and all claims, damages, costs or expenses, including without limitation, loss of profits, loss of data, loss of business expectancy, compensatory, direct, indirect, consequential, punitive, special, or incidental damages or business interruption arising out of or in connection with related to the information contained herein or actions that the user decides to take based thereon. Getac reserves the right to interpret this disclaimer and update this disclaimer whenever necessary.
Getac Technology Corporation Security Update for InsydeH2O UEFI Firmware Vulnerabilities
2022/02/11
Getac Technology Corporation Security Update for InsydeH2O UEFI Firmware VulnerabilitiesGetac Technology Corporation (“Getac”) is reviewing and assessing the impact of the InsydeH2O UEFI Firmware Vulnerabilities to our products. The security of our products is a top priority and critical to protecting our customers.INSYDE SECURITY ADVISORY (ISA)Multiple potential security vulnerabilities in the Insyde® InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware (Insyde® InsydeH2O UEFI-BIOS or the “Product”) may result compromise of confidentiality, integrity and availability. Description:The description of the vulnerabilities are as follows.INSYDE-SA-2022/Q1: 2022/Q1 ISA – Insyde® Firmware (InsydeH2O UEFI-BIOS) AdvisoryVulnerabilitiesBINARLY IDCVE IDSMM CalloutBRLY-2021-008CVE-2020-5953BRLY-2021-017CVE-2021-41839BRLY-2021-018CVE-2021-41841BRLY-2021-019CVE-2021-41840BRLY-2021-020CVE-2020-27339BRLY-2021-022CVE-2021-42060BRLY-2021-023CVE-2021-42113BRLY-2021-024CVE-2021-43522BRLY-2021-025CVE-2022-24069BRLY-2021-028CVE-2021-43615SMM Memory CorruptionBRLY-2021-009CVE-2021-41837BRLY-2021-010CVE-2021-41838BRLY-2021-011CVE-2021-33627BRLY-2021-012CVE-2021-45971BRLY-2021-013CVE-2021-33626BRLY-2021-015CVE-2021-45970BRLY-2021-016CVE-2021-45969BRLY-2021-026CVE-2022-24030BRLY-2021-027CVE-2021-42554BRLY-2021-029CVE-2021-33625BRLY-2021-030CVE-2022-24031BRLY-2021-031CVE-2021-43323DXE Memory CorruptionBRLY-2021-021CVE-2021-42059Insyde has examined the affected Product and scheduled to release various batches of firmware updates for supported InsydeH2O UEFI-BIOS firmware versions that remediate the vulnerabilities as follows. Potential Impact: According to the information provided, the potential impact of INSYDE-SA-2022/Q1 is: Loss of Confidentiality, Integrity and AvailabilityAdvisory References:1. https://www.insyde.com/security-pledge2. https://kb.cert.org/vuls/id/7966113. CVSS v3.1 User Guide (first.org)Getac Affected Products and Remediations:No:Models:BIOS VersionBIOS Release Plan1F110G6R1.07.070520 2022/2/25S410G4R1.22.070520K120G2R1.12.0705202F110G5R1.16.0705202022/3/4V110G6R1.09.070520UX10G2R1.14.070520B360R1.24.070520A140G2R1.10.070520X500G3R1.26.070520T800G2R1.24.0705203A140G1R1.20.0705202022/3/23B300G7R1.15.070520EX80R1.07.070520F110G4R1.23.070520K120G1R1.15.070520RX10G2R1.14.070520S410G2R1.26.070520S410G3R1.22.070520UX10G1R1.17.070520V110G4R1.18.070520V110G5R1.12.070520 *Find out which generation of your Getac product model at https://support.getac.com/Portal/Page/786Getac urges our valued customers to update the BIOS for each corresponding Getac Model as soon as possible once the release is available to resolve the multiple potential security vulnerabilities in the Insyde® InsydeH2O Hardware-2-Operating System (H2O) UEFI firmware (Insyde® InsydeH2O UEFI-BIOS).Getac DisclaimerAll content and other information mentioned in this statement or offered arising from the issue described herein are provided on an “as is ” basis, without express or implied warranties of any kind. All products, information, and figures specified are preliminary based on current expectations and are subject to change without notice. Getac assessments have been estimated or simulated using Getac internal analysis or architecture simulation or modeling, and may not represent the actual risk to the users’ local installation and individual environment. Users are recommended to determine the applicability of this statement to their individual environments and take appropriate actions. In no event shall Getac or any of its affiliates be liable for any direct, indirect, consequential, punitive, special, or incidental damages arising out of or in connection with related to the information contained herein or actions that the user decides to take based thereon (including, without limitation, damages for loss of business, contract, revenue, data, information, or business interruption). Getac reserves the right to interpret this disclaimer and update this disclaimer whenever necessary.
Apache Log4J Security Vulnerability Notice
2022/01/01
Getac Technology Corporation (“Getac”) is reviewing and assessing the impact of the Apache Log4j Remote Code Execution vulnerabilities tracked in CVE-2021-44228 and CVE-2021-45046 to our products. The security of our products is a top priority and critical to protecting our customers.For Getac products, there have been no found effects to most of our products and services (Device, Applications, Web Service, Cloud Solution), except X500 G3 Server with RAID Expansion. Please contact our service team for more information. Meanwhile we will continuously monitor and update stakeholders if there is any new information.What is Log4j?Log4j is a piece of free, open-source software used by thousands of websites and business applications around the globe. Ninety-five percent of Java programs use Log4j directly or indirectly.Suggestion: Customers are encouraged to follow security best practices, including those recommended by Apache (Log4j – Apache Log4j Security Vulnerabilities), and continue to monitor this notice for updated information as it becomes available. For your reference, please check the links below:-Apache Publication: Log4j – Apache Log4j Security Vulnerabilities-CVE-2021-44228 (Apache Log4j 2): NVD - CVE-2021-44228 (nist.gov)-CVE-2021-45046: NVD - CVE-2021-45046 (nist.gov) Getac DisclaimerAll content and other information mentioned in this statement or offered arising from the issue described herein are provided on an “as is ” basis, without express or implied warranties of any kind. All products, information, and figures specified are preliminary based on current expectations and are subject to change without notice. Getac assessments have been estimated or simulated using Getac internal analysis or architecture simulation or modeling, and may not represent the actual risk to the users’ local installation and individual environment. Users are recommended to determine the applicability of this statement to their individual environments and take appropriate actions. In no event shall Getac or any of its affiliates be liable for any direct, indirect, consequential, punitive, special, or incidental damages arising out of or in connection with related to the information contained herein or actions that the user decides to take based thereon (including, without limitation, damages for loss of business, contract, revenue, data, information, or business interruption). Getac reserves the right to interpret this disclaimer and update this disclaimer whenever necessary.