Intel addressed 14 security vulnerabilities during the December 2019 Patch Tuesday, with seven of them being high and medium severity security flaws impacting multiple platforms including Windows and Linux.
The security issues patched today were detailed in the 9 security advisories published by Intel on its Product Security Center, with the company having delivered them to customers through the Intel Platform Update (IPU) process.
The vulnerabilities disclosed today could allow authenticated or privileged users to potentially enable information disclosure, trigger denial of service states, escalate privileges, or execute malicious code at an elevated level of privilege via local access.
Each advisory comes with a detailed list of all affected products as well as recommendations for vulnerable products, and also includes contact details for users and researchers who want to report other vulnerabilities found in Intel-branded tech or products.
Desktop, mobile, embedded, and server CPUs exposed to Plundervolt attacks
Today's updates also patch Intel CPUs against a newly discovered attack, dubbed Plundervolt by the researchers behind it, which targets Intel Software Guard eXtensions (SGX), a set of security-related instruction codes within modern Intel CPUs.
Plundervolt attacks would abuse the CVE-2019-11157 vulnerability via local access, a flaw addressed by Intel as part of the INTEL-SA-00289 advisory.
"INTEL-SA-00289 is an advisory we worked on with multiple academic researchers that affects client systems, and some Xeon E based platforms. Some of the researchers have demonstrated the same class of issue on non-Intel architectures," Intel says.
"When SGX is enabled on a system, a privileged user may be able to mount an attack through the control of CPU voltage settings with the potential to impact the confidentiality and integrity of software assets. Intel has worked with system vendors to develop a microcode update that mitigates the issue by locking voltage to the default settings."
"We were able to corrupt the integrity of Intel SGX on Intel Core processors by controlling the voltage when executing enclave computations," the research team who developed the attack states. "This means that even Intel SGX's memory encryption/authentication technology cannot protect against Plundervolt."
The list of CPU models affected by Plundervolt includes:
• Intel 6th, 7th, 8th, 9th & 10th Generation Core Processors.
• Intel Xeon Processor E3 v5 & v6.
• Intel Xeon Processor E-2100 & E-2200 Families.
Intel also states that the vulnerability has not been exploited by attackers in the wild, and it recommends that users of the Intel processors listed above install the latest BIOS version provided by their system's manufacturer as soon as possible to address this issue.
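For inventory triage against the list above, this added example (not code from Intel or from the article) classifies CPU brand strings, as reported in the "model name" field of /proc/cpuinfo on Linux, into the listed families. The function names and sample strings are constructed for illustration, and brand-string matching is a heuristic: the INTEL-SA-00289 advisory remains the authoritative product list.

```python
import re

# Families named in the article's affected list. Matching on the brand string
# is a heuristic (assumption); INTEL-SA-00289 is the authoritative list.
XEON_E3 = re.compile(r"\bE3-\d{4}[A-Z]*\s+v([56])\b", re.I)
XEON_E = re.compile(r"\bE-2([12])\d{2}[A-Z]*\b", re.I)
CORE = re.compile(r"\b(?:i[3579]|m[357])-(\d[0-9A-Z]+)", re.I)

def core_generation(brand):
    """Return the Core generation encoded in the model number, or None."""
    m = CORE.search(brand)
    if not m:
        return None
    tok = m.group(1).upper()
    if re.match(r"\d{5}", tok):          # e.g. 10510U -> 10
        return int(tok[:2])
    if re.match(r"10\d\dG\d", tok):      # e.g. 1065G7 -> 10
        return 10
    if re.match(r"\d{4}|\dY\d\d", tok):  # e.g. 8550U -> 8, 6Y30 -> 6
        return int(tok[0])
    return None

def affected_family(brand):
    """Map a brand string to one of the article's listed families, or None."""
    if "Intel" not in brand:
        return None
    m = XEON_E3.search(brand)
    if m:
        return f"Xeon E3 v{m.group(1)}"
    m = XEON_E.search(brand)
    if m:
        return f"Xeon E-2{m.group(1)}00"
    gen = core_generation(brand)
    return f"Core gen {gen}" if gen is not None and 6 <= gen <= 10 else None

def models_from_cpuinfo(text):
    """Unique 'model name' values from /proc/cpuinfo-formatted text."""
    return sorted({line.split(":", 1)[1].strip()
                   for line in text.splitlines() if line.startswith("model name")})

# Constructed /proc/cpuinfo excerpt (two logical CPUs of one package).
SAMPLE_CPUINFO = ("processor\t: 0\nmodel name\t: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz\n"
                  "processor\t: 1\nmodel name\t: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz\n")

if __name__ == "__main__":
    for model in models_from_cpuinfo(SAMPLE_CPUINFO):
        print(f"{model}: {affected_family(model) or 'not in the listed families'}")
```

A match only says that the BIOS update recommendation applies to the host; it does not show whether the update has already been installed.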
Full list of November 2019 Patch Tuesday advisories
Today's Intel security advisories are listed in the table embedded below, with information on their CVSS range severity rating to help users with patch deployment prioritization.
"We recommend you check with your system manufacturers and operating system vendors to determine how to obtain these updates," Intel said as part of last month's Patch Tuesday release.
| Advisory | Advisory Number | Severity rating | CVSS Range |
| --- | --- | --- | --- |
| Intel NUC Firmware Advisory | INTEL-SA-00323 | HIGH | 7.5-7.8 |
| Unexpected Page Fault in Virtualized Environment Advisory | INTEL-SA-00317 | MEDIUM | 5.3 |
| Intel SCS Platform Discovery Utility Advisory | INTEL-SA-00312 | MEDIUM | 6.7 |
| Intel Quartus Prime Pro Edition Advisory | INTEL-SA-00311 | MEDIUM | 2 |
| Control Center-I Advisory | INTEL-SA-00299 | MEDIUM | 6.7 |
| Intel Processors Voltage Settings Modification Advisory | INTEL-SA-00289 | HIGH | 7.9 |
| Intel Ethernet I218 Adapter Driver for Windows Advisory | INTEL-SA-00253 | LOW | 3.8 |
| Linux Administrative Tools for Intel Network Adapters Advisory | INTEL-SA-00237 | HIGH | 8.2 |
| Intel Dynamic Platform and Thermal Framework Advisory | INTEL-SA-00230 | LOW | 3.2 |
"We are not aware of any of these issues being used in the wild, but as always, we recommend installing security updates as soon as possible," Intel also recommends.
A list of computer manufacturer support sites you can obtain most updates from is available here.