Intel addressed medium- and high-severity vulnerabilities in its April 2020 security update; the vulnerabilities in Intel software and firmware could potentially allow attackers to launch denial-of-service (DoS) attacks and escalate privileges.
Of the 6 vulnerabilities Intel addressed in the security update published on April 14, 3 were patched, and Intel issued a product discontinuation notice for 3 products.
Intel has also published full details for the vulnerabilities and a list of all affected products.
| Advisory | CVE ID | Severity rating | Impact of vulnerability | Status |
|---|---|---|---|---|
| Intel NUC Firmware | CVE-2020-0600 | HIGH | Escalation of Privilege | Patched |
| Intel Modular Server Compute Module | CVE-2020-0578 | HIGH | Escalation of Privilege, Denial of Service | Discontinued |
| Intel PROSet/Wireless WiFi Software | CVE-2020-0558 | HIGH | Escalation of Privilege, Denial of Service | Patched |
| Intel Binary Configuration Tool for Windows | CVE-2020-0598 | MEDIUM | Escalation of Privilege | Discontinued |
| Intel Data Migration Software | CVE-2020-0547 | MEDIUM | Escalation of Privilege | Discontinued |
| Intel Driver and Support Assistant | CVE-2020-0568 | MEDIUM | Denial of Service | Patched |
Intel has released updates for Intel NUC firmware, Intel PROSet/Wireless WiFi software, and Intel Driver and Support Assistant software.
Updated products with high-severity flaws
A high-severity flaw caused by improper buffer restrictions in the firmware of Intel Next Unit of Computing (NUC) could allow threat actors to potentially enable escalation of privilege via local access.
The vulnerability in Intel PROSet/Wireless WiFi products on Windows 10 is caused by insecure inherited permissions, and it could allow escalation of privilege via local access or denial of service.
Updated products with medium-severity flaws
A race condition in the Intel Driver and Support Assistant could allow an authenticated user to potentially enable denial of service via local access.
Intel has issued a notice of product discontinuation for Intel Modular Server Compute Module firmware, Intel Binary Configuration Tool for Windows software, and Intel Data Migration Software.
Discontinued products with high-severity flaws
Another high-severity flaw exists in all versions of the Intel Modular Server MFS2600KISPP Compute Module firmware; it could allow unauthenticated users to carry out denial-of-service (DoS) attacks and gain escalated privileges. Intel has not released a security update for this product and has issued a product discontinuation notice.
Discontinued products with medium-severity flaws
The medium-severity flaw in the Intel® Binary Configuration Tool for Windows has also not been patched; Intel issued a product discontinuation notice and recommends that users uninstall the software.
The vulnerability in the Intel Data Migration Software, rated medium, exists in the installer for the software and is caused by incorrect default permissions. This flaw affects versions 3.3 and earlier and could potentially result in escalation of privilege if exploited. Intel has now discontinued the product.