Security News > 2021 > June > Intel Plugs 29 Holes in CPUs, Bluetooth, Security
Intel has unleashed 29 security advisories to plug up some serious bugs in the BIOS firmware for Intel processors, as well as in its Bluetooth products, Active Management Technology tools, the NUC Mini PC line, and, ironically, in its own security library.
"Forty of those, or 55 percent, were found internally through our own proactive security research. Of the remaining 33 CVEs being addressed, 29, or 40 percent, were reported through our bug-bounty program. Overall, 95 percent of the issues being addressed today are the result of our ongoing investments in security assurance, which is consistent with our 2020 Product Security Report."
While issues in those products were mostly found internally by Intel security researchers and product engineers - at 75 percent - that wasn't necessarily the case in its 2019 and 2020 product security reports.
Several of the 29 vulnerabilities are rated as high-severity - including four local privilege escalation vulnerabilities in firmware for Intel's CPU products; another local privilege escalation vulnerability in Intel Virtualization Technology for Directed I/O; a network-exploitable privilege escalation vulnerability in the Intel Security Library; another locally exploitable privilege escalation in the NUC family of computers; yet more in its Driver and Support Assistant software and RealSense ID platform; and a denial-of-service vulnerability in selected Thunderbolt controllers.
Intel also patched a high-severity bug in Intel Security Library that affects iterations before version 3.3 and may allow escalation of privilege, denial of service or information disclosure.
Dirk Schrader, global vice president of security research at New Net Technologies, agreed that focusing on privilege escalation is the key to Intel's June 2021 security advisories release.
News URL
https://threatpost.com/intel-security-holes-cpus-bluetooth-security/166747/