Overclock.net - An Overclocking Community - Reply to Topic

Thread: [Tom's Hardware] Security Flaws Found in Intel Software, Data Center SSDs Reply to Thread
Title:
Message:

Register Now

In order to be able to post messages on the Overclock.net - An Overclocking Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
User Name:
If you do not want to register, fill this field only and the name will be used as user name for your post.
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in


  Additional Options
Miscellaneous Options

  Topic Review (Newest First)
07-11-2019 12:59 PM
Melan I was more referring to the second "Intel's Security Issues Continue" part.
07-11-2019 12:31 PM
Darren9
Quote: Originally Posted by Melan View Post
They just can't catch a break, can they?
Local access privilege escalation usually come and go without anyone noticing, Windows must average over 1 a month, CVE-2019-1132 and CVE-2019-0880 are two from this months patch Tuesday (and 16 critical/60 important updates is a sparse month) - Did you even know that MS fixed two this month?
07-11-2019 11:46 AM
Melan They just can't catch a break, can they?
07-11-2019 11:34 AM
WannaBeOCer
[Tom's Hardware] Security Flaws Found in Intel Software, Data Center SSDs

Source: https://www.tomshardware.com/news/in...ssd,39845.html


Quote:
Two New Flaws Found in Intel's Software

The flaw in the processor diagnostic tool (CVE-2019-11133) is rated 8.2 out 10 on the CVSS 3.0 scale, making it a high-severity vulnerability. The flaw “may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access,” according to Intel’s latest security advisory. Versions of the tool that are older than 4.1.2.24 are affected.

The second vulnerability, found by Intel’s internal team, is a medium-severity vulnerability in Intel’s SSD DC S4500/S4600 series sold to data center customers. The flaw found in the SSD firmware versions older than SCV10150 obtained a 5.3 score on the CVSS 3.0 scale, so it was labeled medium-severity. The bug may allow an unprivileged user to enable privilege escalation via physical access.

As one of the flaws was uncovered by Intel itself and for the other the Eclypsium research coordinated with Intel for its disclosure, Intel was able to have ready the patches in time for the public announcement.

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off