Intel’s January 2020 security update included six items with one rated high, four medium and one as a low priority.
The most important vulnerability is CVE-2019-14613 affecting Intel’s VTune Amplifier for Windows and if left unpatched and exploited can allow escalation of privilege. An update fixing the problem has been posted.
The medium CVE-2019-14615 affects a large number of Intel processors. The basic problem is insufficient control flow in certain data structures for some processors with processor graphics that can lead to information disclosure via local access. The update fixing the issue has been made available.
CVE-2019-14600, also rated medium, is an uncontrolled search path element that affects Intel SNMP Subagent Stand-Alone Advisory for Windows. If exploited it could allow an attacker to escalate privileges via local access.
Intel does not have a patch for this problem but considers it dangerous enough that the company is recommending those using SNMP Subagent Stand-Alone Advisory for Windows discontinue use and uninstall the product as the company is pulling it from the market.
The third medium vulnerability is CVE-2019-14601 for Itel’s RWC 3 for Windows before version 7.010.009.000. The problem may allow an authenticated user to potentially enable escalation of privilege via local access. A patch is available.
The final medium issue is CVE-2019-14596, which is improper access control in the installer for Intel Chipset Device Software INF Utility before version 10.1.18 possibly leading to a denial of service issue.
The final, low-rate problem CVE-2019-14629, lies within Intel DAAL version 2020 Gold and earlier and if left unpatched and exploited may allow an authenticated user to potentially enable information disclosure. An update to DAAL is available.