Intel engineers fixed this week a critical bug with updates to Active Management Technology (AMT) y capacidad de gestión estándar Intel (ISMO).
The AMT and ISM bug was one of the most serious issues the company has addressed this month. The vulnerability is tracked as CVE-2020-8758 y anotó 9.8 fuera de 10 en la escala de calificación de vulnerabilidad CVSS.
Si es explotado, the issue results in privilege escalation by an unauthenticated attacker. The bug occurs due to incorrect buffer limits in the network subsystem. All versions of Intel AMT and Intel ISM up to 11.8.79, 11.12.79, 11.22.79, 12.0.68 y 14.0.39 are vulnerable to attacks.
«If a customer is using Intel vPro without AMT support, an authenticated user with local access to the system may still be able to escalate privileges», — warn Intel experts.
Sin embargo, in addition to patches to fix the bug in AMT and ISM, the company also released fixes for its other products this month. Por ejemplo, have been fixed the CVE-2020-0570 vulnerability in the BIOS firmware for Intel Core 8, 9 and 10th generation processors. The bug scored 7.6 on the CVSS scale and could lead to escalation of privileges, negación de servicio, or information disclosure, if the attacker had physical access to the vulnerable system.
In the BIOS firmware for the 8th generation Intel Core and Intel Pentium Silver, we fixed the medium severity bug CVE-2020-0571, which also allowed information disclosure.
También, arreglos fueron liberados for three other medium severity bugs that affected the 8th, 9th and 10th generation Intel Core and Celeron 4000/5000/. The vulnerabilities could lead to elevation of privilege or denial of service (CVE-2020-8672 and CVE-2019-14557) and information disclosure (CVE-2020-8671).
Además, Intel fixed the CVE-2020-12302 bug in the Intel Driver & Support Assistant that could lead to local privilege escalation. Versión 20.7.26.7 or later fixes the issue.
Déjame recordarte el hecho de que Los procesadores Intel necesitan reparaciones de hardware debido al nuevo ataque LVI and also about the SGAxe attack, that endangers Intel processors.