1. Processor Diagnostic Tool Flaw:
- Severity: High
- Nature: Allows local attackers to potentially execute malicious actions like escalation of privilege or denial of service.
- Description: The Processor Diagnostic Tool is an essential free product developed by Intel for users to assess and diagnose potential issues in their processors before reaching out to technical support.
- Vulnerability Details: The flaw (CVE-2019-11133) has been identified as resulting from inappropriate access control, allowing authenticated users to potentially trigger escalation of privilege, information leakage, or a denial of service via local access.
- Impacted Models: Both 32-bit and 64-bit versions of the diagnostic tool, preceding version 4.1.2.24.
- Resolution: The patch has been released and users are advised to update immediately. Special thanks to Jesse Michael from Eclypsium for reporting the flaw.
2. Intel Data Center SSD Vulnerability:
- Severity: Medium
- Nature: An issue in the S4500/S4600 series of Intel’s Solid State Drives (SSD) for data centers.
- Description: These SSDs are used extensively in data centers across the world.
- Vulnerability Details: The vulnerability (CVE-2018-18095) is due to a lack of authentication in the SSDs’ firmware, potentially allowing an unprivileged user to escalate privileges via physical access.
- Affected Models: Intel SSD DC S4500 and S4600 series firmware versions before SCV10150.
- Resolution: Intel urges users to update to SCV10150 firmware or later versions.
Notably, this isn’t Intel’s first security patching in recent times. The tech behemoth had previously rolled out patches for other vulnerabilities in its products, including its Intel NUC systems.
For those in need of expert guidance or assistance regarding these vulnerabilities, Managed Services Australia stands ready to help. Your device’s security is paramount, and we’re here to ensure that it remains uncompromised.
Need help taking care of your business? Look no further – the team is here to assist and accommodate your requirements.
Give us a call on 1300 024 748, or email [email protected] to enquire further!
Managed Services Australia – Where tech meets trust.