Colossal Intel Update Anchored by Critical Privilege-Escalation Bugs

2020-11-10 20:59

A massive Intel security update this month addresses flaws across a myriad of products - most notably, critical bugs that can be exploited by unauthenticated cybercriminals in order to gain escalated privileges.

These critical flaws exist in products related to Wireless Bluetooth - including various Intel Wi-Fi modules and wireless network adapters - as well as in its remote out-of-band management tool, Active Management Technology.

One critical-severity vulnerability exists in Intel AMT and Intel Standard Manageability.

ISM has a similar function as AMT. The flaw which ranks 9.4 out of 10 on the CvSS vulnerability-severity scale, stems from an out-of-bounds write error in IPv6 subsystem for Intel AMT and Intel ISM. If exploited, the flaw could allow an unauthenticated user to gain escalated privileges.

Other high-severity flaws include an improper buffer restriction in Intel Thunderbolt DCH drivers for Windows; an improper access-control hole in Intel's Extreme Tuning Utility and an improper input-validation flaw in the Intel Data Center Manager Console.

News URL

https://threatpost.com/intel-update-critical-privilege-escalation-bugs/161087/

#critical #intel

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Intel		6803	271	746	379	28	1424