Intel has issued security updates for two of its products which enterprise and expert users will want to patch as soon as possible.
On paper, the most serious of the two affects 32/64-bit versions of the Intel Processor Diagnostic Tool (IPDT), a Windows utility used to test Intel microprocessor behaviour and troubleshoot faults.
Discovered by researcher Jesse Michael of firmware security company Eclypsium, the severity rating for this flaw (CVE-2019-11133) is ‘high’, which under the industry CVSS scoring system is a notch below critical.
The full details have yet to be released but are described in general terms as allowing:
An authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access.
In the hands of an attacker, that would be carte blanche to do what they wanted. The limitation indicated by the use of the word “authenticated” means that local access to the computer is needed for an attack, but that could happen if a system were infected with malware.
On the other hand, the IPDT is a tool that only a subset of users, mostly specialists and admins, should have installed on their computers. The fix for anyone using it is to download version 126.96.36.199 or later.
Although the second flaw, affecting Intel’s Data Center S4500/S4600 Series Solid State Drive (SSD) firmware, is only rated ‘medium’ on CVSS, arguably it’s the more widespread and inconvenient of the two.
Identified as CVE-2018-18095 after being discovered internally by Intel, exploiting the vulnerability would allow privilege escalation on drives using firmware before version SCV10150.
Again, an attacker would need physical access to the management interface for the affected SSDs, which takes it out of the league of opportunist attackers.
However, although only launched less than two years ago in capacities up to 4TB, these drives are likely to have been installed inside numerous data centers that invested in the claimed lower failure rates and higher performance that comes with enterprise SSDs.
The good news is that updating multiple drives can be achieved using the Intel SSD Data Center Tool, which also automates finding updated firmware images.
Intel posts regular security updates across its product families on its support website.