The flaw in the processor diagnostic tool (CVE-2019-11133) is rated 8.2 out 10 on the CVSS 3.0 scale, making it a high-severity vulnerability. The flaw “may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access,” according to Intel’s latest security advisory. Versions of the tool that are older than 184.108.40.206 are affected.
The second vulnerability, found by Intel’s internal team, is a medium-severity vulnerability in Intel’s SSD DC S4500/S4600 series sold to data center customers. The flaw found in the SSD firmware versions older than SCV10150 obtained a 5.3 score on the CVSS 3.0 scale, so it was labeled medium-severity. The bug may allow an unprivileged user to enable privilege escalation via physical access.
As one of the flaws was uncovered by Intel itself and for the other the Eclypsium research coordinated with Intel for its disclosure, Intel was able to have ready the patches in time for the public announcement.
Local access privilege escalation usually come and go without anyone noticing, Windows must average over 1 a month, CVE-2019-1132 and CVE-2019-0880 are two from this months patch Tuesday (and 16 critical/60 important updates is a sparse month) - Did you even know that MS fixed two this month?