Η Intel αντιμετώπισε 95 ευπάθειες στο Patch Tuesday Νοεμβρίου 2020, συμπεριλαμβανομένων και ορισμένων κρίσιμων ευπαθειών που επηρεάζουν τα προϊόντα Intel Wireless Bluetooth and Intel Active Management Technology (AMT).
The issues detailed in the 40 security tips published by Intel on Product Security Center, with the company delivering security and functional updates to users through the Intel Platform process Update (IPU).
Intel provides a list of all affected products and recommendations for vulnerable products at the end of each consultation, as well as contact information for those who wish to report other security issues or vulnerabilities identified in Intel-branded products or technology.
Among the security updates released on Tuesday, Intel encountered a critical vulnerability with a CVSS score of 9,4 / 10 on Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM) products.
The defect (monitored as CVE-2020-8752) is a subscriptsystem IPv6 of Intel AMT and ISM (releases before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0) which allows remote unauthorized to change privileges.
Successful exploitation requires setting up vulnerable products with IPv6 which is not a default setting according to Intel.
A second critical security flaw (CVE-2020-12321) with a CVSS severity score of 9,6 / 10 affecting some Intel Wireless Bluetooth products was also addressed in the Intel update in November.
The new vulnerabilities of the Intel CPU (CVE-2020-8694and CVE-2020-8695) were named PLATYPUS and were discovered by an international team of researchers from the University of Technology Graz, the CISPA Helmholtz Center for Information Security and the University of Birmingham.
Successful exploitation of the two vulnerabilities could lead to leakage πληροφοριών από τη διεπαφή Running Average Limit Power (RAPL), που χρησιμοποιείται για την παρακολούθηση και διαχείριση της CPU και της κατανάλωσης ενέργειας της μνήμης DRAM.
The researchers also released a video showing how one could steal AES-NI keys from the Intel SGX with a PLATYPUS attack.
- KB4589212: Intel microcode updates for Windows 10, version 2004 and 20H2, and Windows Server, version 2004 and 20H2
- KB4589211: Intel microcode updates for Windows 10, version 1903 and 1909, and Windows Server, version 1903 and 1909
- KB4589208: Intel microcode updates for Windows 10, version 1809 and Windows Server 2019
- KB4589206: Intel microcode updates for Windows 10, version 1803
- KB4589210: Intel microcode updates for Windows 10, version 1607 and Windows Server 2016
- KB4589198: Intel microcode updates for Windows 10, version 1507