Intel stomped out another high-severity vulnerability in its Computing Improvement Program, which is program that Intel users can opt into that uses information about participants’ computer performance to make product improvement and detect issues. This glitch “may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access” according to Intel. It stems from insufficient access control in a hardware abstraction driver for the software, versions earlier than. The flaw ( CVE-2019-11163) has a score of 8.2 out of 10 on the CVSS scale, making it high severity. One of the more serious vulnerabilities exist in the Intel Processor Identification Utility for Windows, free software that users can install on their Windows machines to identify the actual specification of their processors. “An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine.” “Intel has released security updates to address vulnerabilities in multiple products,” according Intel’s Tuesday advisory. The update is part of an August round of patches issued by the chip maker, addressing three high-severity flaws and five medium-severity bugs. The flaw could have an array of malicious impacts on affected systems, such as opening systems up to information disclosure or denial of service attacks. Intel is warning of a high-severity vulnerability existing in its software that identifies the specification of Intel processors in Windows systems.
0 Comments
Leave a Reply. |