The ZDNet article says the vulnerabilities were found in April, and "both SSD vendors whose products they've tested... have released firmware updates to address the reported flaws", but it would be good to get a clear answer from the horse's mouth.

I'd very much like to know if it affects the MX500 as well, since the researchers didn't look at current drives. I specifically bought a few MX500s due to the SED capability, so I'll be quite grumpy if I have to go back to software encryption and take the performance hit.

---

@hoodoo wrote:

I'd very much like to know if it affects the MX500 as well

Oh my... This news is not good at all.

I would like to know if it affects older models M500 and M550 as well. I use this feature on those drives and it is very likely they are affected too.

Firmware update notes say:

Firmware revisions MU05 for the MX200 (all form factors) and MU03 for the MX100 (all form factors)

Release Date: 5/25/2018 (both updates)

• Resolves security vulnerability

There is no such information for MX300!

Micron is aware of the Radboud University researchers’ report describing a potential security vulnerability in its Crucial MX100, MX200 and MX300 products.  This vulnerability can only be exploited by an individual who is able to remove the drive from the system, has the relevant equipment, as well as knowledge of the drive’s electrical and firmware functionality.

Micron has developed firmware patches to address vulnerabilities in the MX100, MX200 and MX300 products.  The MX100 and MX200 firmware updates are available today on crucial.com.  The ETA for the MX300 firmware is planned for November 13, 2018.

Micron is committed to conducting business with integrity and accountability, which includes delivering best-in-class product quality, security, and customer support.

Crucial_AgentC, Micron CPG Support, US


How do I know what memory to buy?
Shop for your region: US | UK | EU | France |
I think my memory is bad. What do I do now?
FAQs and Top Forum Solutions
Did a user help you? Say thanks by giving Kudos!
Still need help? Contact Customer Service
Want to be a Super User?

---

@Crucial_AgentC wrote:

Micron has developed firmware patches to address vulnerabilities in the MX100, MX200 and MX300 products.

---

@Hi @Crucial_AgentC, thank you for your comment. These are serious vulnerabilities.

Please can you confirm which existing (or upcoming) firmware versions contain the relevant fixes for:

• MX100
• MX200
• MX300

Can you please also confirm whether or not the MX500 is affected by any of the vulnerabilities highlighted in the Radboud research (as it was not included in their analysis), and if so, the relevant firmware version for that model as well?

Thank you.

---

@djcater wrote:

Can you please also confirm whether or not the MX500 is affected by any of the vulnerabilities highlighted in the Radboud research (as it was not included in their analysis), and if so, the relevant firmware version for that model as well?

 

---

The MX500 isn't affected.

---

@targetbsp wrote:

---

---

The MX500 isn't affected.

---

@Thanks for your comment @targetbsp.

How do you know that the MX500 isn't affected please?

---

@djcater wrote:

---

@targetbsp wrote:

---

---

The MX500 isn't affected.

---

@Thanks for your comment @targetbsp.

 

How do you know that the MX500 isn't affected please?

---

Bogdan asked in the private forum for super users ( https://forums.crucial.com/t5/Forum-Rules-Guidelines/Crucial-Super-User-Program/td-p/180442 ) and they replied that it is unaffected.  It uses an entirely different brand of drive controller to the previous MX drives so that may be why?

Here is the link - http://www.crucial.com/usa/en/support-ssd?cm_re=top-nav-_-flyout-support-_-us-support-product-suppor...

You can also update the firmware with Crucial Storage Executive - http://www.crucial.com/usa/en/support-storage-executive