Intel Security Advisories (February 11, 2020)

[German]On February 11, 2020, Intel published several security advisories on vulnerabilities in products in the Product Security Center. These range from Intel® RAID Web Console 3 (RWC3) for Windows to USB drivers. There will be no more updates for some products; Intel has now discontinued these.


Advertising

German blog reader Ismail pointed out the newly published deatils in Product Security Center (thanks).

  • Intel® RWC3 Advisory (INTEL-SA-00341): A potential (Escalation of Privilege) vulnerability in Intel® RAID Web Console 3 (RWC3) for Windows could allow privilege escalation. Intel has released software updates to address this potential vulnerability.
  • Intel® MPSS Advisory (INTEL-SA-00340): An Escalation of Privilege vulnerability exists in the Intel® Manycore Platform Software Stack (MPSS). Improper privileges in the Intel® Manycore MPSS installer prior to version 3.8.6 may allow an authenticated user to enable privilege escalation via local access.
  • Intel® RWC2 Advisory (INTEL-SA-00339): An Escalation of Privilege vulnerability exists in the Intel® RAID Web Console 2 (RWC2). Intel is not releasing updates to address this potential vulnerability and has issued a product announcement for Intel® RWC2.
  • Intel® SGX SDK Advisory (INTEL-SA-00336): An Escalation of Privilege vulnerability exists in the Intel® Software Guard Extensions (SGX) SDK. Through improper initialization in the Intel(R) SGX SDK, an authenticated user may be able to achieve an escalation of privileges via local access. Intel is releasing software updates to address this potential vulnerability.
  • Intel® CSME Advisory (INTEL-SA-00307): There are three vulnerabilities (Escalation of Privilege, Denial of Service, Information Disclosure) in the CSME subsystem. Improper authentication in the subsystem in Intel(R) CSME versions 12.0 to 12.0.48 (IOT only: 12.0.56), versions 13.0 to 13.0.20, versions 14.0 to 14.0.10 can allow a privileged user to allow an escalation of privileges, denial of service, or information disclosure about local access. Intel releases firmware updates to mitigate this potential vulnerability.
  • Intel® Renesas Electronics® USB 3.0 Driver Advisory (INTEL-SA-00273):

    An Escalation of Privilege vulnerability exists in the Intel® Renesas Electronics® USB 3.0 driver. Improper privileges in the installation program for the Intel® Renesas Electronics® USB 3.0 driver, all versions, may allow an authenticated user to enable escalation of privileges via local access. Intel is not releasing updates to address this potential vulnerability and has issued a product announcement for this driver.

Details can be found in the respective linked individual pages with the safety instructions.


Advertising
This entry was posted in Security, Software and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *