Security News > 2020 > February > Intel Patches High-Severity Flaw in Security Engine

Intel is warning of a high-severity flaw in the firmware of its converged security and management engine, which if exploited could allow privilege escalation, denial of service and information disclosure.

Another critical flaw discovered in May could allow an authenticated user to enable escalation of privilege over network access in CSME. Overall, Intel patched six flaws on Tuesday, including the high-severity flaw in CSME. The remainder of the vulnerabilities were medium and low-severity.

A medium-severity flaw was found in Intel Renesas Electronics USB 3 driver, the driver for the USB 3 Renesas Electronics adapter that comes in many common Intel motherboards.

"Intel has issued a Product Discontinuation notice for Intel Renesas Electronics USB 3.0 Driver and recommends that users of the Intel Renesas Electronics USB 3.0 Driver uninstall it or discontinue use at their earliest convenience," Intel said.

Intel also patched a medium-severity flaw in Intel Manycore Platform Software Stack, a series of Intel software components necessary to run the Intel Xeon Phi Coprocessor.

News URL

https://threatpost.com/intel-patches-high-severity-flaw-in-security-engine/152794/