Security Strategy, Plan, Budget

Intel launches security blog, pushes security patches

Intel joined the Patch Tuesday crowd with a platform update that covered 77 vulnerabilities, two of which were rated critical.

The chip maker noted the security updates in a new blog the company said it will use to disseminate security updates, bug bounty topics, new security research, and engagement activities within the security research community.

Intel is dividing its updates by advisory with each covering a single or set of products.

The vulnerability is a heap overflow in a subsystem in Intel’s CSME versions 11.8.70, 11.11.70, 11.22.70, 12.0.45 and before; Intel TXE versions 3.1.70 and 4.0.20 and earlier. These may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service.

The second critical vulnerability, CVE-2019-11171, in advisory INTEL-SA-00313, 12 vulnerabilities, is another heap corruption issue. This time in Intel’s Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via network access.

The first critical issue covered is CVE-2019-0169 in INTEL-SA-00241, which has 24 vulnerabilities overall, that impacts a variety of Intel products including its Converged Security and Manageability Engine, Server Platform Services, Trusted Execution Engine, Active Management Technology, Platform Trust Technology and Dynamic Application Loader.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.