Intel Patch Tuesday updates for July 2019 address a serious flaw in Processor Diagnostic Tool and minor issue in the Solid State Drives (SSD) for Data Centers (DC).

Intel’s Patch Tuesday security updates for July 2019 address a serious flaw in the Processor Diagnostic Tool and another issue in the Solid State Drives (SSD) for Data Centers (DC).

The “high severity” vulnerability in the Processor Diagnostic Tool is tracked as CVE-2019-11133, it was rated with a CVSS score of 8.2 and Prior affects all prior versions.

The vulnerability could be exploited by an attacker with access to the system running the tool to escalate privileges, obtain information, or trigger a denial-of-service (DoS) condition.

“A potential security vulnerability in the Intel® Processor Diagnostic Tool may allow escalation of privilege, denial of service, or information disclosure.Intel is releasing software updates to mitigate this potential vulnerability.” reads the security advisory.

“Description: Improper access control in the Intel(R) Processor Diagnostic Tool before version 4.1.2.24 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access.”

The tech giant credited the researcher Jesse Michael of Eclypsium for reporting the flaw, Intel addressed the vulnerability with the release of version 4.1.2.24.

The second vulnerability addressed by Intel affects SSD DC S4500/S4600 series firmware, it could be exploited by an attacker with physical access for privilege escalation. The flaw has been classified as “medium severity,” it affects firmware versions prior to SCV10150.

“A potential security vulnerability in Intel® Solid State Drives (SSD) for Data Centers (DC) S4500/S4600 Series firmware may allow escalation of privilege. Intel is releasing firmware updates to mitigate this potential vulnerability.” reads the analysis published by Intel.

“Description: Improper authentication in firmware for Intel(R) SSD DC S4500 Series and Intel(R)SSD DC S4600 Series before SCV10150 may allow an unprivileged user to potentially enable escalation of privilege via physical access.”

Pierluigi Paganini