iGuRu
Now Reading
Intel fixes 95 vulnerabilities
iGuRu

Intel fixes 95 vulnerabilities

Intel

Intel addressed 95 vulnerabilities in the Patch Tuesday November 2020, including some critical vulnerabilities that affect Intel Wireless Bluetooth and Intel Active Management Technology (AMT) products.

The issues are discussed in detail in the 40 security tips published by Intel in Product Security Center, with the company delivering security and operational updates to users through the Intel Platform Update (IPU) process.intel logo - Intel fixes 95 vulnerabilities

Intel provides a list of all affected products and recommendations for vulnerable products at the end of each consultation, as well as contact information for those who wish to report other security issues or vulnerabilities identified in Intel-branded products or technology.

Among the security updates released on Tuesday, Intel encountered a critical vulnerability with a CVSS score of 9,4 / 10 on Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM) products.

The defect (monitored as CVE-2020-8752) is an IPv6 subsystem entry of Intel AMT and ISM (versions prior to 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0) that allows remote unauthorized privilege change.

Successful exploitation requires setting up vulnerable products with IPv6 which is not a default setting according to Intel.

A second critical security flaw (CVE-2020-12321) with a CVSS severity score of 9,6 / 10 affecting some Intel Wireless Bluetooth products was also addressed in the Intel update in November.

The new vulnerabilities of the Intel CPU (CVE-2020-8694and CVE-2020-8695) were named PLATYPUS and were discovered by an international team of researchers from the University of Technology Graz, the CISPA Helmholtz Center for Information Security and the University of Birmingham.

Successful exploitation of the two vulnerabilities could lead to information leakage from the Running Average Limit Power (RAPL) interface, which is used to monitor and manage CPU and DRAM power consumption.

The researchers also released a video showing how one could steal AES-NI keys from the Intel SGX with a PLATYPUS attack.

The following microcode updates are available to affected devices via Windows Update, but can also be downloaded directly from the Microsoft Directory using the links below:
  • KB4589212: Intel microcode updates for Windows 10, version 2004 and 20H2, and Windows Server, version 2004 and 20H2
  • KB4589211: Intel microcode updates for Windows 10, version 1903 and 1909, and Windows Server, version 1903 and 1909
  • KB4589208: Intel microcode updates for Windows 10, version 1809 and Windows Server 2019
  • KB4589206: Intel microcode updates for Windows 10, version 1803
  • KB4589210: Intel microcode updates for Windows 10, version 1607 and Windows Server 2016
  • KB4589198: Intel microcode updates for Windows 10, version 1507
You can find a list of all the Intel security tips published below, with full details of each of the security vulnerabilities.
AdvisoriesAdvisory Number
Intel DSA AdvisoryINTEL-SA-00449
Intel Board ID Tool AdvisoryINTEL-SA-00447
Intel Quartus Prime AdvisoryINTEL-SA-00446
Intel Server Board S2600ST & S2600WF AdvisoryINTEL-SA-00439
Intel Battery Life Diagnostic Tool AdvisoryINTEL-SA-00431
Intel Data Center Manager Console AdvisoryINTEL-SA-00430
Intel XTU AdvisoryINTEL-SA-00429
Intel CSI2 Host Controller AdvisoryINTEL-SA-00427
Open WebRTC Toolkit AdvisoryINTEL-SA-00424
Intel VTune Profiler AdvisoryINTEL-SA-00423
Intel Thunderbolt DCH Drivers for Windows AdvisoryINTEL-SA-00422
Intel HID Event Filter Driver AdvisoryINTEL-SA-00421
Intel QAT for Linux AdvisoryINTEL-SA-00420
Intel Processor Identification Utility AdvisoryINTEL-SA-00419
Intel Unite Cloud Service Client AdvisoryINTEL-SA-00418
Intel Advisor tools AdvisoryINTEL-SA-00417
Intel Falcon 8+ UAS AscTec Thermal Viewer AdvisoryINTEL-SA-00416
Intel ADAS IE AdvisoryINTEL-SA-00415
Intel NUC Firmware AdvisoryINTEL-SA-00414
Intel SCS Add-on for Microsoft * AdvisoryINTEL-SA-00413
Intel EMA AdvisoryINTEL-SA-00412
Intel Computing Improvement Program AdvisoryINTEL-SA-00410
Intel High Definition Audio AdvisoryINTEL-SA-00409
Intel RealSense D400 Series Dynamic Calibration Tool AdvisoryINTEL-SA-00408
Intel Wireless Bluetooth AdvisoryINTEL-SA-00403
Intel PROSet / Wireless WiFi Software AdvisoryINTEL-SA-00402
Intel 50GbE IP Core for Intel Quartus Prime AdvisoryINTEL-SA-00400
Intel SGX DCAP Software AdvisoryINTEL-SA-00398
2020.2 IPU - Intel CSME, SPS, TXE, and AMT AdvisoryINTEL-SA-00391
Intel BIOS Platform Sample Code AdvisoryINTEL-SA-00390
2020.2 IPU - Intel RAPL Interface AdvisoryINTEL-SA-00389
Intel Stratix 10 FPGA SDM for Intel Quartus Prime Pro AdvisoryINTEL-SA-00388
2020.2 IPU - Intel Processor AdvisoryINTEL-SA-00381
Intel Ethernet 700 Series Controller AdvisoryINTEL-SA-00380
Intel Visual Compute Accelerator 2 AdvisoryINTEL-SA-00368
Intel SSD AdvisoryINTEL-SA-00362
Intel PMC AdvisoryINTEL-SA-00360
2020.2 IPU - BIOS AdvisoryINTEL-SA-00358
Intel Unite Client AdvisoryINTEL-SA-00350
Intel Media SDK for Windows * AdvisoryINTEL-SA-00262

Read them Technology News from all over the world, with the validity of iGuRu.gr

Follow us on Google News

View Comments (0)

Leave a Reply

Your email address Will not be published.

 

iGuRu.gr © 2012 - 2020 Keep it Simple Stupid Custom Theme

Scroll To Top