Critical HPE Servers ROM Update

HPE has released ROM updates for ProLiant servers at March 2018. Those updates has been released in order to updating Intel processor microcode to the latest version.

After discovering the vulnerability at January 2018, Operating Systems updates and ROM updates have been released by OS vendors and hardware vendors to preventing security breaches.

There are three variants of this vulnerability as indicated in the table below. As indicated, all three variants require operating system updates for mitigation. Variant 2 also requires an updated microcode from the processor vendor which HPE delivers as part of the System ROM. All variants of the vulnerability require malicious software to run on the system. To reduce exposure to these vulnerabilities, HPE recommends customers vigilantly maintain security best practices and keep systems up-to-date.

Read more the below link, about updated ROM and find the list of servers that those servers have available system ROM:

Bulletin: (Revision) HPE ProLiant, Moonshot and Synergy Servers – Side Channel Analysis Method Allows Improper Information Disclosure in Microprocessors (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)