Intel addressed 95 vulnerabilities in the November 2020 Patch Tuesday, including some critical vulnerabilities affecting productτα Intel Wireless Bluetooth και Intel Active Management Technology (AMT).
The issues are discussed in detail in the 40 security tips published by Intel in Product Security CenterBy company to have delivered security and functional updates to users through the Intel Platform Update (IPU) process;
Intel provides a list of all affected products and recommendations for vulnerable products at the end of each consultation, as well as contact information for those who wish to report other security issues or vulnerabilities identified in Intel-branded products or technology.
Notably among the security updates issued on Tuesday, Intel addressed a critical vulnerability with a CVSS score of 9,4 / 10 in Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM) products.
The defect (monitored as CVE-2020-8752) is an IPv6 subsystem entry of Intel AMT and ISM (versions prior to 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0) that allows remote unauthorized privilege change.
Successful exploitation requires setting up vulnerable products with IPv6 which is not a default setting according to Intel.
A second critical security flaw (CVE-2020-12321) with a CVSS severity score of 9,6 / 10 affecting some Intel Wireless Bluetooth products was also addressed in the Intel update in November.
The new vulnerabilities of the Intel CPU (CVE-2020-8694and CVE-2020-8695) were named PLATYPUS and were discovered by an international team of researchers from the University of Technology Graz, the CISPA Helmholtz Center for Information Security and the University of Birmingham.
Successful exploitation of the two vulnerabilities could leak information from the Running Average Power Limit (RAPL) interface, which is used to monitor and manage CPU and consumption energy of DRAM memory.
The researchers they also released a video showing how someone can steal AES-NI keys from Intel SGX with a PLATYPUS attack.
- KB4589212: Intel microcode updates for Windows 10, version 2004 and 20H2, and Windows Server, version 2004 and 20H2
- KB4589211: Intel microcode updates for Windows 10, version 1903 and 1909, and Windows Server, version 1903 and 1909
- KB4589208: Intel microcode updates for Windows 10, version 1809 and Windows Server 2019
- KB4589206: Intel microcode updates for Windows 10, version 1803
- KB4589210: Intel microcode updates for Windows 10, version 1607 and Windows Server 2016
- KB4589198: Intel microcode updates for Windows 10, version 1507