Intel addresses high severity flaw in Processor Diagnostic Tool

Intel Patch Tuesday updates for July 2019 address a serious flaw in Processor Diagnostic Tool and minor issue in the Solid State Drives (SSD) for Data Centers (DC).

Intel’s Patch Tuesday security updates for July 2019 address a serious flaw in the Processor Diagnostic Tool and another issue in the Solid State Drives (SSD) for Data Centers (DC).

The “high severity” vulnerability in the Processor Diagnostic Tool is tracked as CVE-2019-11133, it was rated with a CVSS score of 8.2 and Prior affects all prior versions.

The vulnerability could be exploited by an attacker with access to the system running the tool to escalate privileges, obtain information, or trigger a denial-of-service (DoS) condition.

“A potential security vulnerability in the Intel® Processor Diagnostic Tool may allow escalation of privilege, denial of service, or information disclosure.Intel is releasing software updates to mitigate this potential vulnerability.” reads the security advisory.

“Description: Improper access control in the Intel(R) Processor Diagnostic Tool before version 4.1.2.24 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access.”

The tech giant credited the researcher Jesse Michael of Eclypsium for reporting the flaw, Intel addressed the vulnerability with the release of version 4.1.2.24.

The second vulnerability addressed by Intel affects SSD DC S4500/S4600 series firmware, it could be exploited by an attacker with physical access for privilege escalation. The flaw has been classified as “medium severity,” it affects firmware versions prior to SCV10150.

“A potential security vulnerability in Intel® Solid State Drives (SSD) for Data Centers (DC) S4500/S4600 Series firmware may allow escalation of privilege. Intel is releasing firmware updates to mitigate this potential vulnerability.” reads the analysis published by Intel.

“Description: Improper authentication in firmware for Intel(R) SSD DC S4500 Series and Intel(R)SSD DC S4600 Series before SCV10150 may allow an unprivileged user to potentially enable escalation of privilege via physical access.”

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.

APPLY NOW

10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase

X