Intel is patching a load of serious software security holes

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • PCHF IT Feeds
    PCHF Bot
    • Jan 2015
    • 54578

    #1

    Intel is patching a load of serious software security holes

    Intel has addressed multiple vulnerabilities discovered in its Software Guard Extensions (SGX) and is now urging users to apply the patch as soon as possible.

    The flaws affect a “wide range of Intel products”, including Xeon processors, network adapters, and software. A total of 31 advisories were added to the Intel Security Center, including five CVE’s.

    Of those five, two are privilege escalation vulnerabilities that could allow threat actors to elevate the privileges their accounts have on target endpoints and use them to exfiltrate sensitive data. The irony is palpable here, the publication hints, because SGX is a feature “that is supposed to enable secure processing of sensitive data inside encrypted memory areas known as enclaves.”

    [HEADING=1]Stealing sensitive data[/HEADING]

    The third flaw, tracked as CVE-2022-38090, is a medium-rated vulnerability affecting, among others, 3rd Gen Xeon Scalable processors. According to Intel, “improper isolation of shared resources in some Intel Processors when using Intel Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access.”

    The best course of action, Intel says, is to update your device’s firmware.

    Read more

    > Researchers exploit Intel SGX to hide malware
    Intel chipsets hit by another major security flaw
    Here are the best malware removal software options right now
    The fourth vulnerability, tracked as CVE-2022-33196, is a high-severity flaw also affecting the 3rd Gen Xeon Scalable processors, but also Xeon D processors, as well. Patches, in the form of BIOS and microcode updates, are on the way, the company added.

    The fifth flaw affects SGX’s software development kit (SDK). While this one is rated low severity, there is still a chance crooks use it to steal sensitive data, Intel says. An update is on the way, as well.

    SGX, now in its eighth year, has been “plagued with vulnerabilities”, the publication says, adding that the tool was deprecated in client-focused chips from the 11th and 12th Gen Core processors.

    [ul]
    [li]Check out the best firewalls right now[/li][/ul]

    Via: The Register

    Continue reading…
Working...