Intel April Platform Update fixes high severity security issues

Intel addressed nine security vulnerabilities with the April 2020 Platform Update, all of them being high and medium severity security flaws impacting multiple software products, firmware, and platforms.

The security issues patched today were detailed in the 6 security advisories issued by Intel on its Product Security Center, delivered to customers through the Intel Platform Update (IPU) process.

Vulnerabilities disclosed today could allow unauthenticated or authenticated or privileged users to trigger denial of service states and escalate privileges at an elevated level of privilege via local or adjacent access on unpatched systems.

Each of the six advisories Intel published today comes with a detailed list of all affected products and recommendations for vulnerable products, and also include contact details for those who would want to report security issues found in Intel branded tech or products.

Some of the security issues fixed today

Two of the vulnerabilities patched today are present in Intel PROSet/Wireless WiFi products on Windows 10 and allow:

• authenticated attackers to potentially enable escalation of privilege via local access because of insecure inherited permissions (CVE-2020-0557)
• unprivileged attackers to potentially enable denial of service via adjacent access due to Improper buffer restrictions in the kernel mode driver (CVE-2020-0558)

The two high severity flaws patched today are present in the system firmware for some Intel NUC mini PCs and in the Intel Modular Server MFS2600KISPP Compute Module, and they make it possible for:

• authenticated attackers to potentially enable escalation of privilege via local access due to improper buffer restrictions (CVE-2020-0600)
• unauthenticated attackers to potentially enable escalation of privilege via adjacent access because of improper conditions checks (CVE-2020-0578)

April 2020 Platform Update advisories

Today’s Intel security advisories are listed in the table embedded below, with information on their CVSS range severity rating to help users with patch deployment prioritization.

Intel usually recommends checking the download links provided within the advisories or checking with your system manufacturers and operating system vendors to determine how to obtain these updates.

Advisory Advisory ID Severity rating CVSS Range
Intel NUC Firmware Advisory INTEL-SA-00363 HIGH 7.8
Intel Modular Server Compute Module Advisory INTEL-SA-00351 HIGH 4.3-7.1
Intel Data Migration Software Advisory INTEL-SA-00327 MEDIUM 6.7
Intel PROSet/Wireless WiFi Software Advisory INTEL-SA-00338 MEDIUM 4.3-6.7
Intel Binary Configuration Tool for Windows Advisory INTEL-SA-00359 MEDIUM 6.7
Intel Driver and Support Assistant Advisory INTEL-SA-00344 MEDIUM 5.9

A list of computer manufacturer support sites you can obtain most updates from is available here.

Intel is not aware of any of these issues being actively exploited in the wild but users are advised to install the security updates issued today as soon as possible.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also published a notification encouraging users and admins to review Intel’s advisories and apply all the necessary updates or workarounds.


Next Post

'Short sighted.' Health experts decry Trump's freeze on U.S. funding for WHO as world fights pandemic | Science

Wed Apr 15 , 2020
Donald Trump speaking at a campaign rally in Arizona in 2016, prior to being elected president. Gage Skidmore/Flickr (CC BY-SA 2.0) By Kai Kupferschmidt, Jon CohenApr. 14, 2020 , 10:00 PM Science’s COVID-19 reporting is supported by the Pulitzer Center. President Donald Trump said today he will suspend U.S. funding […]