Intel introduced 40 security advisories in overall, addressing critical- and large-severity flaws across its Active Management Technology, Wireless Bluetooth and NUC products.
A huge Intel security update this thirty day period addresses flaws across a myriad of items – most notably, critical bugs that can be exploited by unauthenticated cybercriminals in get to acquire escalated privileges.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
These critical flaws exist in items related to Wi-fi Bluetooth – which include many Intel Wi-Fi modules and wi-fi network adapters – as effectively as in its remote out-of-band administration device, Lively Administration Technology (AMT).
All round, Intel launched 40 security advisories on Tuesday, each addressing critical-, superior- and medium-severity vulnerabilities throughout many items. That by considerably trumps October’s Intel security update, which settled one large-severity flaw in BlueZ, the Linux Bluetooth protocol stack that offers aid for main Bluetooth levels and protocols to Linux-based mostly internet-of-points (IoT) equipment.
Critical Flaws
A single critical-severity vulnerability exists in Intel AMT and Intel Standard Manageability (ISM). AMT, which is made use of for remote out-of-band management of PCs, is portion of the Intel vPro platform (Intel’s umbrella marketing and advertising expression for its assortment of laptop or computer hardware technologies) and is largely utilised by organization IT shops for remote administration of corporate methods. ISM has a equivalent functionality as AMT.
The flaw (CVE-2020-8752) which ranks 9.4 out of 10 on the CvSS vulnerability-severity scale, stems from an out-of-bounds produce mistake in IPv6 subsystem for Intel AMT and Intel ISM. If exploited, the flaw could enable an unauthenticated consumer to acquire escalated privileges (by way of network entry).
Variations right before 11.8.80, 11.12.80, 11.22.80, 12..70 and 14..45 are affected customers are urged to “update to the latest model delivered by the program maker that addresses these issues.”
A different critical-severity flaw (CVE-2020-12321) exists in some Intel Wi-fi Bluetooth items before variation 21.110. That bug, which scores 9.6 out of 10 on the CvSS scale, could let an unauthenticated consumer to perhaps allow escalation of privilege by using adjacent access. This implies an attacker is demanded to have accessibility to a shared actual physical network with the victim.
Influenced products and solutions incorporate Intel Wi-Fi 6 AX200 and AX201, Intel Wireless-AC 9560, 9462, 9461 and 9260, Intel Twin Band Wireless-AC 8265, 8260 and 3168, Intel Wi-fi 7265 (Rev D) household and Intel Dual Band Wi-fi-AC 3165. Consumers of these items are advised to update to model 21.110 or later on.
Large-Severity Flaws
Intel also fixed numerous higher-severity vulnerabilities, such as a path traversal in its Endpoint Management Assistant (CVE-2020-12315) — which presents equipment to observe and enhance products. This flaw could give an unauthenticated consumer escalated privileges through network entry.
4 superior-severity flaws exist in Intel PROSet/Wireless Wi-Fi solutions just before version 21.110. Intel PROSet/Wireless Wi-Fi software program is employed to established up, edit and deal with Wi-Fi network profiles to join to Wi-Fi networks.
These vulnerabilities stem from inadequate command-stream management (CVE-2020-12313), poor input validation (CVE-2020-12314), security-system failure (CVE-2020-12318) and poor buffer restriction (CVE-2020-12317). They can allow denial-of-services (DoS) attacks or privilege escalation.
An additional large-severity flaw in Intel stable-condition travel (SSD) products could allow for an unauthenticated consumer to likely help information and facts disclosure – if they have actual physical obtain to the system. The flaw (CVE-2020-12309) stems from insufficiently protected credentials in the client SSD subsystems. A array of SSDs – like the Pro 6000p sequence, Pro 5450s and E 5100s collection – are impacted and can be identified below.
Intel’s Upcoming Device Computing (NUC) mini Pc also experienced two higher-severity flaws which include an insecure default variable initialization issue in the firmware (CVE-2020-12336), that could permit authenticated buyers (with neighborhood accessibility) to escalate their privileges. The other is an inappropriate buffer restriction in the firmware (CVE-2020-12337) enabling privileged people to escalate privileges (by means of nearby obtain).
Other large-severity flaws incorporate an incorrect buffer restriction (CVE-2020-12325) in Intel Thunderbolt DCH drivers for Windows an inappropriate accessibility-handle gap (CVE-2020-12350) in Intel’s Extreme Tuning Utility and an inappropriate input-validation flaw (CVE-2020-12347) in the Intel Details Center Manager Console.
Hackers Set Bullseye on Health care: On Nov. 18 at 2 p.m. EDT find out why hospitals are having hammered by ransomware attacks in 2020. Save your location for this Free webinar on health care cybersecurity priorities and hear from major security voices on how facts security, ransomware and patching want to be a priority for every sector, and why. Join us Wed., Nov. 18, 2-3 p.m. EDT for this LIVE, minimal-engagement webinar.
Some sections of this post are sourced from:
threatpost.com