During this time it is highly recommended you stop your regular activity on the workstation, in order to prevent any unwanted errors and report glitches. Intel posts regular security updates across its product families on its support website.įollow on Twitter for the latest computer security news.Upon initialization Intel Processor Diagnostic Tool automatically starts the scanning procedure. The good news is that updating multiple drives can be achieved using the Intel SSD Data Center Tool, which also automates finding updated firmware images. However, although only launched less than two years ago in capacities up to 4TB, these drives are likely to have been installed inside numerous data centers that invested in the claimed lower failure rates and higher performance that comes with enterprise SSDs. Identified as CVE-2018-18095 after being discovered internally by Intel, exploiting the vulnerability would allow privilege escalation on drives using firmware before version SCV10150.Īgain, an attacker would need physical access to the management interface for the affected SSDs, which takes it out of the league of opportunist attackers. The fix for anyone using it is to download version 4.1.2.24 or later.Īlthough the second flaw, affecting Intel’s Data Center S4500/S4600 Series Solid State Drive (SSD) firmware, is only rated ‘medium’ on CVSS, arguably it’s the more widespread and inconvenient of the two. On the other hand, the IPDT is a tool that only a subset of users, mostly specialists and admins, should have installed on their computers. The limitation indicated by the use of the word “authenticated” means that local access to the computer is needed for an attack, but that could happen if a system were infected with malware.
In the hands of an attacker, that would be carte blanche to do what they wanted. The full details have yet to be released but are described in general terms as allowing:Īn authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access. On paper, the most serious of the two affects 32/64-bit versions of the Intel Processor Diagnostic Tool (IPDT), a Windows utility used to test Intel microprocessor behaviour and troubleshoot faults.ĭiscovered by researcher Jesse Michael of firmware security company Eclypsium, the severity rating for this flaw ( CVE-2019-11133) is ‘high’, which under the industry CVSS scoring system is a notch below critical. Intel has issued security updates for two of its products which enterprise and expert users will want to patch as soon as possible.
0 kommentar(er)
