Intel launches security blog, pushes security patches

News by Doug Olenick

Intel platform update covers 77 vulnerabilities, two of which were rated critical

Intel has joined the Patch Tuesday crowd with a platform update that covered 77 vulnerabilities, two of which were rated critical.

The chip maker noted the security updates in a new blog the company said it will use to disseminate security updates, bug bounty topics, new security research, and engagement activities within the security research community.

Intel is dividing its updates by advisory with each covering a single or set of products.

The vulnerability is a heap overflow in a subsystem in Intel’s CSME versions 11.8.70, 11.11.70, 11.22.70, 12.0.45 and before; Intel TXE versions 3.1.70 and 4.0.20 and earlier. These may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service.

The second critical vulnerability, CVE-2019-11171, in advisory INTEL-SA-00313, 12 vulnerabilities, is another heap corruption issue. This time in Intel’s Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via network access.

The first critical issue covered is CVE-2019-0169 in INTEL-SA-00241, which has 24 vulnerabilities overall, that impacts a variety of Intel products including its Converged Security and Manageability Engine, Server Platform Services, Trusted Execution Engine, Active Management Technology, Platform Trust Technology and Dynamic Application Loader.

The original version of this article was published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews