Intel patches SSD firmware and microprocessor diagnostic tool
Intel has issued security updates for two of its products which enterprise and expert users will want to patch as soon as possible.
On paper, the most serious of the two affects 32/64-bit versions of the Intel Processor Diagnostic Tool (IPDT), a Windows utility used to test Intel microprocessor behaviour and troubleshoot faults.
Discovered by researcher Jesse Michael of firmware security company Eclypsium, the severity rating for this flaw (CVE-2019-11133) is ‘high’, which under the industry CVSS scoring system is a notch below critical.
The full details have yet to be released but are described in general terms as allowing:
An authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access.
In the hands of an attacker, that would be carte blanche to do what they wanted. The limitation indicated by the use of the word “authenticated” means that local access to the computer is needed for an attack, but that could happen if a system were infected with malware.
On the other hand, the IPDT is a tool that only a subset of users, mostly specialists and admins, should have installed on their computers. The fix for anyone using it is to download version 4.1.2.24 or later.
Comments are closed.