Getac Technology Corporation Disclaimer on Microsoft Security Update (Windows Update KB5025885 for Secure Boot Changes Associated with CVE-2023-24932)
2023/10/31
Updated: October 31st, 2023

Importance:
Please note that this statement is to inform you of a critical Security Update issued by Microsoft. Users are advised to review the guidance and take the actions recommended by Microsoft and below, which may be updated from time to time, to enable protections for the Secure Boot bypass and to avoid potential security risks and system failure. Please also note that Microsoft announced that its recommended steps must be completed before moving to Final Enforcement, which is tentatively scheduled no sooner than July 9th, 2024. If the required steps are not completed in order, bootable media may fail to start and your Getac devices may be unable to start after Microsoft's Final Enforcement.

Additionally, please be aware that software distributed by Getac with or without the Getac brand name (including, but not limited to, system software) is not covered under Getac's Warranty. Getac is not responsible for any claims, damages, costs, or expenses arising from failure to follow instructions relating to the Microsoft Security Update.

Background
Because the Secure Boot security feature has been bypassed by the BlackLotus UEFI bootkit, which is tracked under CVE-2023-24932, Microsoft took action by releasing KB5025885 and security updates on May 9th, 2023, to manage the Windows Boot Manager revocations. Microsoft's security updates are divided into four phases *¹, with the final phase being enforcement. The final enforcement phase will implement permanent mitigations on July 9th, 2024.

Risk & Impact
1. The BlackLotus UEFI bootkit vulnerability allows attackers to maintain control over and potentially manipulate the device. It is strongly recommended that all customers apply the Windows security updates released on May 9th 2023 (1st protection) & January 9th 2024 (2nd protection) to implement necessary security mitigations.
2. The revocations will be programmatically enforced on July 9th, 2024 *¹. Therefore, if a device's hard disk is replaced with one that retains the old Boot Manager, it may not be able to boot after the enforcement date.

Detailed Instructions by Microsoft
Please check Microsoft's announcement regarding the latest security update for CVE-2023-24932:
KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 - Microsoft Support

Actions for Getac Users
All bootable media should be upgraded to the latest version and updated with the new boot manager. Getac suggests that customers follow the actions outlined below based on different scenarios. Getac will release bootable recovery images (created by Getac Recovery Media Utility ("GRMU") *²) and tools to update the boot manager in the recovery partition.

1. Images for new shipments with the latest security updates *³ and boot manager will be released as listed in Table A. New shipments with the January 9th, 2024 security update will be ready after Microsoft's release. Getac will announce the image schedule status after it is released. For a detailed list please refer to Table A: <Updated HDI Implementation Date>

2. For current customers using Getac devices (shipped before July 31st, 2023)
Please ensure that the MIS department is aware of the information outlined below and confirm that the old boot manager has been either removed or updated. This is crucial to prevent any issues with booting after Microsoft's enforcement stage on July 9th, 2024.
- Please proceed with the Windows upgrade to install the latest version of Windows updates and consult with your MIS department for detailed mitigation action. Please make sure to install all updates released by Microsoft. Currently, there are 2 announced update versions (May 9th 2023 and January 9th 2024 versions).
- Recovery partition: Please update the boot manager in the recovery partition using the Getac Recovery Partition Patch Tool available on the Getac service portal. Before using the Getac Recovery Partition Patch Tool, ensure that you have completed the Microsoft security update with a version released after May 9th. This step is crucial to ensure proper facilitation of the boot manager within the recovery partition. If the customer decides to ENABLE the revocations *⁹, please repeat this step every time you install a Microsoft update to ensure the recovery partition contains the latest boot loader.

3. Scenario of system recovery via recovery image or hard disk replacement after revocations are enforced:
Please make sure to use the recovery images below for system recovery *⁶.
- Using GRMU *⁸: Please download the latest Windows image *⁷ with security update via GRMU *² from https://support.getac.com/Service/FileReader/Index?fileid=109165&cateid=100038 to generate recovery media and perform the system recovery *⁴. The supported model list is in Table A: <Updated Image Implementation Date>. Both the May 9th 2023 & January 9th 2024 versions are required to ensure security. For customization projects not on the list, please contact your account manager & FAE.
Table A: <Updated Image Implementation Date>

| Models (Including -EX, -IP product variants) | OS Version Supported | New shipment with Security update Implementation Date* (May 9th 2023 version) | Updated Recovery Image Release Date (May 9th 2023 version) | Updated Recovery Image Release Date (Jan 9th 2024 version) |
|---|---|---|---|---|
| X500G3, T800G2 | Windows 10 (22H2); Windows 10 IoT (21H2) | July 31st, 2023 | October 17th, 2023 | TBD |
| UX10G2/G2-R, V110G6, B360G1 | Windows 10 (22H2); Windows 11 (22H2) | July 31st, 2023 | October 17th, 2023 | TBD |
| F110G6, K120G2/G2-R, S410G4, A140G2, X600 | Windows 10 (22H2) | July 31st, 2023 | October 17th, 2023 | TBD |
| F110G6, K120G2/G2-R, S410G4, A140G2, X600 | Windows 11 (22H2) | October 19th, 2023 | October 17th, 2023 | TBD |
| UX10G3, B360G2, V110G7 | Windows 11 (22H2) | October 19th, 2023 | October 17th, 2023 | TBD |
| X600 Server | Server 2022 | July 31st, 2023 | N/A** | N/A |

* For customization projects, shipments after October 31st, 2023 will all be shipped with the Microsoft security update of May 9th, 2023. Please check with your SA for details.
** X600 Server is not supported by GRMU; please check with the service team or sales for details.

FAQ

1. Under what circumstances would the system fail to boot?
Starting from July 9th, 2024, Microsoft will enforce the revocation through an update. The old Boot Manager will be added to the disallowed signature database. If a device falls into any of the following scenarios involving the use of the old Boot Manager, it will fail to boot after July 9th, 2024.
   1. The user swaps their HDD and boots up using an OS that has not been updated with the KB released on May 9th, 2023.
   2. The user utilizes the original image of GRMU for USB boot.
   3. The user boots to the original WinPE using a USB drive.
   4. The device undergoes PXE booting to the original operating system.
   5. The Recovery partition does not have the updated Boot Manager or contains an old Boot Manager.

2. Can users voluntarily revoke the old boot manager before the first quarter of 2024?
After applying Microsoft's May 9th update, users can follow Microsoft's instructions to voluntarily revoke the old Boot Manager ahead of July 9th, 2024, the date on which Microsoft plans to revoke it.

3. What scenarios should we anticipate in the event of boot failure caused by either "the final phase of enforcement on July 9, 2024" or "the manual revocation of the old Boot Manager" by a user?
- Boot Manager: If the user selects the old Boot Manager to boot, it will flash a black screen and return to Boot Manager.
- Recovery Partition: The system will halt at the beginning of the Recovery Partition.
- System boot: The system will skip the boot device with the old Boot Manager and boot the next boot device.
If you encounter any of the scenarios mentioned above and are unable to boot the device, please refer to the next FAQ for assistance.

4. What should I do if the system fails to boot after the final phase of enforcement on July 9th, 2024?
Please disable Secure Boot in the BIOS setup, update to the latest Windows update, and then enable Secure Boot.

5. Will the IoT LTSC version be supported by these security updates?
Yes, LTSC will be included as long as it is still within the Microsoft life cycle. IoT versions after Win10 21H2 will be supported as well. Please check with Microsoft for detailed support status *⁵.

6. What if an IoT LTSC customer disables Windows Update (or disables internet access)? Will the device be unable to boot after July 9th, 2024?
MSFT will push the accumulated updates once Wi-Fi or Windows Update is enabled. The device will be updated to a version with security updates. However, Getac strongly suggests updating to the latest version with security updates.

7. Do I have to install both releases, May 9th, 2023 and January 9th, 2024?
Yes, 2 sets of protection are required to ensure security.
Before final enforcement on July 9th, 2024, please make sure to verify that your devices and all bootable media (including offline media) are updated and ready for this security hardening change.

¹ For details of the revocations and the timing of updates, please refer to Microsoft's instructions.
² The GRMU image of certain Getac models will be updated to incorporate the Microsoft May 9th update.
³ The Microsoft security update regarding CVE-2023-24932 only supports versions after Windows 10 21H2.
⁴ After recovery with the above recovery images, the recovery partition will be deleted.
⁵ Information regarding version support is subject to change by Microsoft. For the most up-to-date information, please contact Microsoft directly. Microsoft reserves the right to make changes and such changes are unrelated to Getac.
⁶ Once the new GRMU images with the updated Boot Manager are available for download, the older GRMU images will no longer be accessible for download. They will be replaced by the new images containing the updated Boot Manager.
⁷ Microsoft's Knowledge Base (KB) only provides security updates for versions of Windows 10 after 21H2. However, the original recovery media is shipped with the same version as at the time of the order. Therefore, if the current version is not supported by Microsoft's security updates, Getac will offer the latest update-capable version, Windows 10 22H2.
⁸ If you have downgraded to Windows 10 Pro from Windows 11 Pro through a Microsoft Volume License, kindly reach out to Microsoft for recovery assistance and further information.
⁹ Please check Microsoft's security page for self-revocation details.

Getac Disclaimer:
All content and other information mentioned in this statement or offered arising from the issue described herein are provided on an "as is" basis. Getac hereby expressly disclaims any warranties of any kind, express or implied, including without limitation warranties of merchantability, fitness for any particular purpose, non-infringement of intellectual property.
All products, information, and figures specified are preliminary based on current expectations, and Getac reserves the right to change or update any content thereof at any time without prior notice. Getac assessments have been estimated or simulated using Getac internal analysis or architecture simulation or modeling and may not represent the actual risk to the users' local installation and individual environment. Users are recommended to determine the applicability of this statement to their specified environments and take appropriate actions. The use of this statement, and all consequences of such use, is solely at the user's own responsibility, risk, and expense thereof. In no event shall Getac or any of its affiliates be liable for any and all claims, damages, costs or expenses, including without limitation, loss of profits, loss of data, loss of business expectancy, compensatory, direct, indirect, consequential, punitive, special, or incidental damages or business interruption arising out of or in connection with related to the information contained herein or actions that the user decides to take based thereon. Getac reserves the right to interpret this disclaimer and update this disclaimer whenever necessary.
Getac Technology Corporation Statement on Intel security update (IPU 2022.3 & 2023.1)
2023/06/15
NOTICE: Getac Technology Corporation ("Getac") continues to work on qualifying and applying the fixes provided by Intel on supported Getac systems. Please refer to the table below to identify fixes for your systems.

Release Date: 17th Mar, 2023
Last Updated: 15th June, 2023

Summary:
- SA-00688: Potential security vulnerabilities in BIOS firmware for some Intel® Processors may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. (link)
- SA-00610: Potential security vulnerabilities in some Intel® Chipset Firmware in Intel® Converged Security and Manageability Engine (CSME), Intel® Active Management Technology (AMT) and Intel® Server Platform Services (SPS) may allow escalation of privilege or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. (link)
- SA-00699: A potential security vulnerability in some Intel® PROSet/Wireless WiFi, Intel vPro® CSME WiFi and Killer™ WiFi products may allow denial of service. Intel is releasing a firmware update to mitigate this potential vulnerability. (link)
- SA-00717: Potential security vulnerabilities in the BIOS firmware and Intel® Trusted Execution Technology (TXT) Secure Initialization (SINIT) Authenticated Code Modules (ACM) for some Intel® Processors may allow escalation of privilege. Intel is releasing BIOS updates to mitigate these potential vulnerabilities. (link)

Getac Affected Products and Recommendation:
1. For certain products currently being manufactured or already in the field, Getac will also release solutions for the update. Please check the affected products in the table below.
2. The latest version solution is backwards-compatible with the previous version.

GETAC AFFECTED PRODUCTS AND SOLUTION (SA-00610 / SA-00699)

| Product Name | CPU Generation | ME FW Version | ME FW Release Status | Latest ME FW (Please click on the links below to download) |
|---|---|---|---|---|
| X500 | 7th Gen Core | 11.8.93.4323 | Available now | https://support.getac.com/Service/FileReader?fileid=110551&cateid=100183 |
| S410 | 7th Gen Core | 11.8.93.4323 | Available now | https://support.getac.com/Service/FileReader?fileid=110550&cateid=100183 |
| S410 | 8th Gen Core | 12.0.92.2145 | Available now | https://support.getac.com/Service/FileReader?fileid=110553&cateid=100183 |
| S410 | 11th Gen Core | 15.0.42.2235 | Available now | https://support.getac.com/Service/FileReader?fileid=110555&cateid=100183 |
| A140 | 6th Gen Core | 11.8.93.4323 | Available now | https://support.getac.com/Service/FileReader?fileid=110550&cateid=100183 |
| A140 | 10th Gen Core | 14.1.67.2046 | Available now | https://support.getac.com/Service/FileReader?fileid=110554&cateid=100183 |
| B300 | 8th Gen Core | 11.8.93.4323 | Available now | https://support.getac.com/Service/FileReader?fileid=110550&cateid=100183 |
| B360 | 10th Gen Core | 14.1.67.2046 | Available now | https://support.getac.com/Service/FileReader?fileid=110554&cateid=100183 |
| K120 | 8th Gen Core | 11.8.93.4323 | Available now | https://support.getac.com/Service/FileReader?fileid=110550&cateid=100183 |
| K120 | 11th Gen Core | 15.0.42.2235 | Available now | https://support.getac.com/Service/FileReader?fileid=110555&cateid=100183 |
| V110 | 7th Gen Core | 11.8.93.4323 | Available now | https://support.getac.com/Service/FileReader?fileid=110550&cateid=100183 |
| V110 | 8th Gen Core | 12.0.92.2145 | Available now | https://support.getac.com/Service/FileReader?fileid=110553&cateid=100183 |
| V110 | 10th Gen Core | 14.1.67.2046 | Available now | https://support.getac.com/Service/FileReader?fileid=110554&cateid=100183 |
| F110 | 7th Gen Core | 11.8.93.4323 | Available now | https://support.getac.com/Service/FileReader?fileid=110550&cateid=100183 |
| F110 | 8th Gen Core | 12.0.92.2145 | Available now | https://support.getac.com/Service/FileReader?fileid=110553&cateid=100183 |
| F110 | 11th Gen Core | 15.0.42.2235 | Available now | https://support.getac.com/Service/FileReader?fileid=110555&cateid=100183 |
| UX10 | 8th Gen Core | 12.0.92.2145 | Available now | https://support.getac.com/Service/FileReader?fileid=110553&cateid=100183 |
| UX10 | 10th Gen Core | 14.1.67.2046 | Available now | https://support.getac.com/Service/FileReader?fileid=110554&cateid=100183 |

* Please note that the schedule above is subject to change due to the test status.

GETAC AFFECTED PRODUCTS AND SOLUTION (SA-00610 / SA-00699)

| Product Name | CPU Generation | Driver Version | Driver Release Status | Latest Driver (Please click on the links below to download) |
|---|---|---|---|---|
| X500 | 7th Gen Core | 22.160 | Available now | https://support.getac.com/Portal/Page/809 |
| S410 | 7th Gen Core | 22.160 | Available now | https://support.getac.com/Portal/Page/809 |
| S410 | 8th Gen Core | 22.160 | Available now | https://support.getac.com/Portal/Page/809 |
| S410 | 11th Gen Core | 22.160 | Available now | https://support.getac.com/Portal/Page/809 |
| A140 | 6th Gen Core | 22.160 | Available now | https://support.getac.com/Portal/Page/809 |
| A140 | 10th Gen Core | 22.160 | Available now | https://support.getac.com/Portal/Page/809 |
| B300 | 8th Gen Core | 22.160 | Available now | https://support.getac.com/Portal/Page/809 |
| B360 | 10th Gen Core | 22.160 | Available now | https://support.getac.com/Portal/Page/809 |
| K120 | 8th Gen Core | 22.160 | Available now | https://support.getac.com/Portal/Page/809 |
| K120 | 11th Gen Core | 22.180 | Available now | https://support.getac.com/Portal/Page/809 |
| V110 | 7th Gen Core | 22.160 | Available now | https://support.getac.com/Portal/Page/809 |
| V110 | 8th Gen Core | 22.160 | Available now | https://support.getac.com/Portal/Page/809 |
| V110 | 10th Gen Core | 22.160 | Available now | https://support.getac.com/Portal/Page/809 |
| F110 | 7th Gen Core | 22.160 | Available now | https://support.getac.com/Portal/Page/809 |
| F110 | 8th Gen Core | 22.160 | Available now | https://support.getac.com/Portal/Page/809 |
| F110 | 11th Gen Core | 22.160 | Available now | https://support.getac.com/Portal/Page/809 |
| UX10 | 8th Gen Core | 22.160 | Available now | https://support.getac.com/Portal/Page/809 |
| UX10 | 10th Gen Core | 22.160 | Available now | https://support.getac.com/Portal/Page/809 |

* Please note that the schedule above is subject to change due to the test status.
GETAC AFFECTED PRODUCTS AND SOLUTION (SA-00688)

| Product Name | CPU Generation | BIOS Version | BIOS Release Status | Latest BIOS (Please click on the links below to download) |
|---|---|---|---|---|
| X500 | 7th Gen Core | R1.29 | Available now | https://support.getac.com/Portal/Page/809 |
| S410 | 7th Gen Core | R1.26 | Available now | https://support.getac.com/Portal/Page/809 |
| S410 | 8th Gen Core | R1.25 | Available now | https://support.getac.com/Portal/Page/809 |
| S410 | 11th Gen Core | R1.31 | Available now | https://support.getac.com/Portal/Page/809 |
| A140 | 6th Gen Core | R1.22 | Available now | https://support.getac.com/Portal/Page/809 |
| A140 | 10th Gen Core | R1.13 | Available now | https://support.getac.com/Portal/Page/809 |
| B300 | 8th Gen Core | R1.17 | Available now | https://support.getac.com/Portal/Page/809 |
| B360 | 10th Gen Core | R1.28 | Available now | https://support.getac.com/Portal/Page/809 |
| K120 | 8th Gen Core | R1.17 | Available now | https://support.getac.com/Portal/Page/809 |
| K120 | 11th Gen Core | R1.16 | Available now | https://support.getac.com/Portal/Page/809 |
| V110 | 7th Gen Core | R1.20 | Available now | https://support.getac.com/Portal/Page/809 |
| V110 | 8th Gen Core | R1.14 | Available now | https://support.getac.com/Portal/Page/809 |
| V110 | 10th Gen Core | R1.13 | Available now | https://support.getac.com/Portal/Page/809 |
| F110 | 7th Gen Core | R1.25 | Available now | https://support.getac.com/Portal/Page/809 |
| F110 | 8th Gen Core | R1.18 | Available now | https://support.getac.com/Portal/Page/809 |
| F110 | 11th Gen Core | R1.11 | Available now | https://support.getac.com/Portal/Page/809 |
| UX10 | 8th Gen Core | R1.19 | Available now | https://support.getac.com/Portal/Page/809 |
| UX10 | 10th Gen Core | R1.18 | Available now | https://support.getac.com/Portal/Page/809 |

* Please note that the schedule above is subject to change due to the test status.
GETAC AFFECTED PRODUCTS AND SOLUTION (SA-00717)

| Product Name | CPU Generation | BIOS Version | BIOS Release Status | Latest BIOS (Please click on the links below to download) |
|---|---|---|---|---|
| X500 | 7th Gen Core | R1.30.070520 | 2023.6.30 | https://support.getac.com/Portal/Page/809 |
| S410 | 7th Gen Core | R1.29.070520 | 2023.6.30 | https://support.getac.com/Portal/Page/809 |
| S410 | 8th Gen Core | R1.26.070520 | 2023.6.30 | https://support.getac.com/Portal/Page/809 |
| S410 | 11th Gen Core | R1.32.070520 | 2023.6.30 | https://support.getac.com/Portal/Page/809 |
| A140 | 10th Gen Core | R1.14.070520 | 2023.6.30 | https://support.getac.com/Portal/Page/809 |
| B300 | 8th Gen Core | R1.18.070520 | 2023.6.30 | https://support.getac.com/Portal/Page/809 |
| B360 | 10th Gen Core | R1.31.070520 | 2023.6.30 | https://support.getac.com/Portal/Page/809 |
| K120 | 8th Gen Core | R1.18.070520 | 2023.6.30 | https://support.getac.com/Portal/Page/809 |
| K120 | 11th Gen Core | R1.17.070520 | 2023.6.30 | https://support.getac.com/Portal/Page/809 |
| V110 | 7th Gen Core | R1.21.070520 | 2023.6.30 | https://support.getac.com/Portal/Page/809 |
| V110 | 8th Gen Core | R1.15.070520 | 2023.6.30 | https://support.getac.com/Portal/Page/809 |
| V110 | 10th Gen Core | R1.14.070520 | 2023.6.30 | https://support.getac.com/Portal/Page/809 |
| F110 | 7th Gen Core | R1.26.070520 | 2023.6.30 | https://support.getac.com/Portal/Page/809 |
| F110 | 8th Gen Core | R1.19.070520 | 2023.6.30 | https://support.getac.com/Portal/Page/809 |
| F110 | 11th Gen Core | R1.13.070520 | 2023.6.30 | https://support.getac.com/Portal/Page/809 |
| UX10 | 8th Gen Core | R1.20.070520 | 2023.6.30 | https://support.getac.com/Portal/Page/809 |
| UX10 | 10th Gen Core | R1.21.070520 | 2023.6.30 | https://support.getac.com/Portal/Page/809 |

* Please note that the schedule above is subject to change due to the test status.

Getac Disclaimer:
All content and other information mentioned in this statement or offered arising from the issue described herein are provided on an "as is" basis. Getac hereby expressly disclaims any warranties of any kind, express or implied, including without limitation warranties of merchantability, fitness for any particular purpose, non-infringement of intellectual property.
All products, information, and figures specified are preliminary based on current expectations and Getac reserves the right to change or update any content thereof at any time without prior notice. Getac assessments have been estimated or simulated using Getac internal analysis or architecture simulation or modeling, and may not represent the actual risk to the users’ local installation and individual environment. Users are recommended to determine the applicability of this statement to their specified environments and take appropriate actions. The use of this statement, and all consequences of such use, is solely at the user’s own responsibility, risk, and expense thereof. In no event shall Getac or any of its affiliates be liable for any and all claims, damages, costs or expenses, including without limitation, loss of profits, loss of data, loss of business expectancy, compensatory, direct, indirect, consequential, punitive, special, or incidental damages or business interruption arising out of or in connection with related to the information contained herein or actions that the user decides to take based thereon. Getac reserves the right to interpret this disclaimer and update this disclaimer whenever necessary.
Getac Technology Corporation Statement on Trusted Platform Module Firmware Security Update
2023/05/26
Notice:
Getac Technology Corporation ("Getac") continues to work on qualifying and applying the fixes provided by Nuvoton Technology Corporation ("Nuvoton") to supported Getac systems. Please refer to the table below to identify fixes for your systems.

Release Date: 1st Apr, 2022
Last Updated: 26 May, 2023

Summary:
Nuvoton has informed Getac of a potential vulnerability that an attacker with physical access to Nuvoton Trusted Platform Module ("TPM") NPCT75x (7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography private key via a side-channel attack against ECDSA because of an Observable Timing Discrepancy. (link)
CVEID: CVE-2020-25082

Getac Affected Products and Recommendations:
1. For certain products currently being manufactured or already in the field, Getac will also release solutions for the update. Please check the affected products in the table below.
2. The latest version solution is backwards-compatible with the previous version.

Getac Affected Products and Solution

| Product Name | CPU Generation | TPM FW Version | Release Date | Solution Link |
|---|---|---|---|---|
| A140 | 10th Gen | 7.2.1.0 | 30 May, 2022 | https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035 |
| B300 | 8th Gen | 7.2.0.1 / 7.2.0.2 | 30 May, 2022 | https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035 |
| B360 | 10th Gen | 7.2.1.0 | 30 May, 2022 | https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035 |
| F110 | 8th Gen | 7.2.0.1 / 7.2.0.2 | 30 May, 2022 | https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035 |
| F110 | 11th Gen | 7.2.1.0 | 26 May, 2023 | https://support.getac.com/Service/FileReader?fileid=110703&cateid=100183 |
| K120 | 8th Gen | 7.2.0.1 / 7.2.0.2 | 30 May, 2022 | https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035 |
| K120 | 11th Gen | 7.2.1.0 | 26 May, 2023 | https://support.getac.com/Service/FileReader?fileid=110703&cateid=100183 |
| S410 | 8th Gen | 7.2.0.1 / 7.2.0.2 | 30 May, 2022 | https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035 |
| S410 | 11th Gen | 7.2.1.0 | 26 May, 2023 | https://support.getac.com/Service/FileReader?fileid=110703&cateid=100183 |
| UX10 | 8th Gen | 7.2.0.1 / 7.2.0.2 | 30 May, 2022 | https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035 |
| UX10 | 10th Gen | 7.2.1.0 | 30 May, 2022 | https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035 |
| V110 | 8th Gen | 7.2.0.1 / 7.2.0.2 | 30 May, 2022 | https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035 |
| V110 | 10th Gen | 7.2.1.0 | 30 May, 2022 | https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035 |
| RX10 | 7th Gen | 7.2.0.1 / 7.2.0.2 | 30 May, 2022 | https://support.getac.com/Service/FileReader/Index?fileid=110401&cateid=100035 |

* Please note that the schedule above is subject to change due to test status.

Getac Disclaimer:
All content and other information mentioned in this statement or offered arising from the issue described herein are provided on an "as is" basis. Getac hereby expressly disclaims any warranties of any kind, express or implied, including without limitation warranties of merchantability, fitness for any particular purpose, non-infringement of intellectual property. All products, information, and figures specified are preliminary based on current expectations and Getac reserves the right to change or update any content thereof at any time without prior notice. Getac assessments have been estimated or simulated using Getac internal analysis or architecture simulation or modeling, and may not represent the actual risk to the users' local installation and individual environment. Users are recommended to determine the applicability of this statement to their specified environments and take appropriate actions. The use of this statement, and all consequences of such use, is solely at the user's own responsibility, risk, and expense thereof.
In no event shall Getac or any of its affiliates be liable for any and all claims, damages, costs or expenses, including without limitation, loss of profits, loss of data, loss of business expectancy, compensatory, direct, indirect, consequential, punitive, special, or incidental damages or business interruption arising out of or in connection with related to the information contained herein or actions that the user decides to take based thereon. Getac reserves the right to interpret this disclaimer and update this disclaimer whenever necessary.
Getac Technology Corporation Statement on Trusted Platform Module Firmware Security Vulnerability
2023/05/05
Notice:
Getac Technology Corporation ("Getac") continues to work on qualifying and applying the fixes provided by Nuvoton Technology Corporation ("Nuvoton") to supported Getac systems. Please refer to the table below to identify fixes for your systems.

Release Date: 14th Mar, 2023
Latest Updated: 5th May, 2023

Summary:
The potential vulnerabilities CVE-2023-1017 and CVE-2023-1018 were found in the TPM 2.0 module library and could potentially lead to denial of service and/or arbitrary code execution in the TPM context.
- CVE-2023-1018: Getac products are not affected by CVE-2023-1018.
- CVE-2023-1017: It is reported that an attacker with physical access to Nuvoton Trusted Platform Module ("TPM") NPCT65x with Firmware 1.3.0.1, 1.3.1.0 & 1.3.2.8 could not succeed in writing to or corrupting the TPM but does cause the NPCT65x to become inaccessible as it enters a recoverable protection mode intended to safeguard the NPCT65x and its contents. The functionality of NPCT65x can be restored by a full power cycle (Hard reset) when TPM is in protection mode. (link)
CVEID: CVE-2023-1017, CVE-2023-1018

Getac Affected Products and Recommendations:
Upgrading to firmware version 1.3.2.20 will help to correct this issue; however, please note that version 1.3.2.20 is not FIPS, TCG or Common Criteria (CC) certified (though functionality-wise, there are no real differences between versions 1.3.2.8 and 1.3.2.20 according to Nuvoton). For those who are unable to update to firmware version 1.3.2.20, please note that a full power cycle (Hard reset) can restore the functionality of NPCT65x when TPM is in protection mode due to an attack related to this vulnerability.
Please check the affected products in the table below:

Getac Affected Products and Solution

| Product Name | CPU Generation | TPM FW Version | Release Date | Solution Link |
|---|---|---|---|---|
| A140 | 6th Gen | 1.3.1.0 | 5th May, 2023 | https://support.getac.com/Service/FileReader?fileid=110644&cateid=100183 |
| F110 | 7th Gen | 1.3.1.0 | 5th May, 2023 | https://support.getac.com/Service/FileReader?fileid=110644&cateid=100183 |
| S410 | 8th Gen | 1.3.1.0 | 5th May, 2023 | https://support.getac.com/Service/FileReader?fileid=110644&cateid=100183 |
| V110 | 7th Gen | 1.3.1.0 | 5th May, 2023 | https://support.getac.com/Service/FileReader?fileid=110644&cateid=100183 |
| X500 | 7th Gen | 1.3.1.0 | 5th May, 2023 | https://support.getac.com/Service/FileReader?fileid=110644&cateid=100183 |

Getac Disclaimer:
All content and other information mentioned in this statement or offered arising from the issue described herein are provided on an "as is" basis. Getac hereby expressly disclaims any warranties of any kind, express or implied, including without limitation warranties of merchantability, fitness for any particular purpose, non-infringement of intellectual property. All products, information, and figures specified are preliminary based on current expectations and Getac reserves the right to change or update any content thereof at any time without prior notice. Getac assessments have been estimated or simulated using Getac internal analysis or architecture simulation or modeling, and may not represent the actual risk to the users' local installation and individual environment. Users are recommended to determine the applicability of this statement to their specified environments and take appropriate actions.
The use of this statement, and all consequences of such use, is solely at the user’s own responsibility, risk, and expense thereof. In no event shall Getac or any of its affiliates be liable for any and all claims, damages, costs or expenses, including without limitation, loss of profits, loss of data, loss of business expectancy, compensatory, direct, indirect, consequential, punitive, special, or incidental damages or business interruption arising out of or in connection with related to the information contained herein or actions that the user decides to take based thereon. Getac reserves the right to interpret this disclaimer and update this disclaimer whenever necessary.
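
Added example (not Getac or Nuvoton code): a fleet triage of TPM firmware versions against the affected versions stated in the two Nuvoton TPM statements above (CVE-2020-25082 for NPCT75x, CVE-2023-1017 for NPCT65x). The inventory rows, host names and the host/chip/tpm_fw column names are constructed assumptions about an asset export; versions are compared as integer tuples because a plain string comparison would rank 1.3.2.8 above 1.3.2.20.

```python
import csv
import io
from dataclasses import dataclass

# Version facts copied from the two advisory summaries above.
NPCT75X_FIXED = (7, 2, 2, 0)   # CVE-2020-25082: 7.2.x before 7.2.2.0
NPCT65X_AFFECTED = {(1, 3, 0, 1), (1, 3, 1, 0), (1, 3, 2, 8)}  # CVE-2023-1017
NPCT65X_FIXED = (1, 3, 2, 20)

# Constructed inventory export; host names and column names are hypothetical.
SAMPLE_INVENTORY = """host,chip,tpm_fw
rugged-01,NPCT75x,7.2.0.2
rugged-02,NPCT75x,7.2.2.0
rugged-03,NPCT65x,1.3.2.8
rugged-04,NPCT65x,1.3.2.20
rugged-05,NPCT65x,unknown
"""


@dataclass
class Finding:
    host: str
    status: str   # "affected", "not-listed" or "unparsed"
    cve: str
    action: str


def parse_version(text):
    """Return '1.3.2.20' as (1, 3, 2, 20), or None if it is not dotted digits."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def triage(host, chip, tpm_fw):
    """Classify one device against the version ranges the advisories state."""
    ver = parse_version(tpm_fw)
    if ver is None:
        return Finding(host, "unparsed", "",
                       "firmware version unreadable; check the device by hand")
    family = chip.strip().upper()
    # Integer tuples compare numerically; as strings "1.3.2.8" > "1.3.2.20".
    if family.startswith("NPCT75") and ver[:2] == (7, 2) and ver < NPCT75X_FIXED:
        return Finding(host, "affected", "CVE-2020-25082",
                       "apply the TPM firmware update from the solution link")
    if family.startswith("NPCT65") and ver in NPCT65X_AFFECTED:
        fixed = ".".join(str(n) for n in NPCT65X_FIXED)
        return Finding(host, "affected", "CVE-2023-1017",
                       f"update to {fixed} (not FIPS/TCG/CC certified); a full "
                       "power cycle restores a TPM in protection mode")
    return Finding(host, "not-listed", "", "no action named by these advisories")


def triage_inventory(csv_text):
    """Run triage over a CSV export and return one Finding per row."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [triage(r["host"], r["chip"], r["tpm_fw"]) for r in rows]


if __name__ == "__main__":
    for f in triage_inventory(SAMPLE_INVENTORY):
        print(f"{f.host:10} {f.status:11} {f.cve:15} {f.action}")
```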
UEFI-Based Malware Statement
2022/10/28
Getac is aware of the CosmicStrand issue, which targets the Intel® H81 Chipset module. CosmicStrand is a rootkit malware with functionality designed to inspect the UEFI¹/BIOS firmware of targeted systems by discovering vulnerabilities and enabling attackers to read/write/erase the device's BIOS. It is similar to the already-known Trickboot malware. Both can be categorized as UEFI-based malware.

Getac products undergo a series of preventive measures and tests to ensure security against UEFI-based malware.

From a BIOS and firmware perspective, all Getac products follow NIST 800-147 policy regarding BIOS write protection, protecting against program or erase commands.

Regarding the OS layer, Getac has analyzed it using the CHIPSEC tool from Intel, which is a framework for analyzing the security of PC platforms, including hardware, system firmware (BIOS/UEFI), and platform components.

Getac rugged products¹ have passed tests that ensure the protection of the UEFI BIOS from programmable SPI writes by malware and reduce the risk of attack by known threats.

To ensure an appropriate level of security against malware, we suggest you update the firmware to the latest version to mitigate various known vulnerabilities.

¹ CHIPSEC analyzes the following platforms only: 11th Generation Intel® Core™ Processors, 10th Generation Intel® Core™ Processors, 8th Generation Intel® Core™ Processors, 7th Generation Intel® Core™ Processors, 6th Generation Intel® Core™ Processors, and Intel® Atom® x7-Z8750 Processor

Getac Disclaimer:
All content and other information mentioned in this statement or offered arising from the issue described herein are provided on an "as is" basis. Getac hereby expressly disclaims any warranties of any kind, express or implied, including without limitation warranties of merchantability, fitness for any particular purpose, non-infringement of intellectual property.
All products, information, and figures specified are preliminary based on current expectations and Getac reserves the right to change or update any content thereof at any time without prior notice. Getac assessments have been estimated or simulated using Getac internal analysis or architecture simulation or modeling, and may not represent the actual risk to the users’ local installation and individual environment. Users are recommended to determine the applicability of this statement to their specified environments and take appropriate actions. The use of this statement, and all consequences of such use, is solely at the user’s own responsibility, risk, and expense thereof. In no event shall Getac or any of its affiliates be liable for any and all claims, damages, costs or expenses, including without limitation, loss of profits, loss of data, loss of business expectancy, compensatory, direct, indirect, consequential, punitive, special, or incidental damages or business interruption arising out of or in connection with related to the information contained herein or actions that the user decides to take based thereon. Getac reserves the right to interpret this disclaimer and update this disclaimer whenever necessary.