Intel has issued a security bulletin including 16 newly identified BIOS-related vulnerabilities that allow attackers to launch Denial of Service and Escalation of Privilege attacks on a local machine while avoiding the operating system and its associated security measures. These flaws, according to Intel, affect its 6th to 11th-Gen Core processors, as well as its Xeon portfolio, which includes the W, E, and D models.
Ten of the vulnerabilities have a ‘high’ severity rating, implying that they provide unrestricted access to the machine, while three have a medium severity rating and one has a ‘low’ severity rating.
These new vulnerabilities are unrelated to the recently-announced BIOS vulnerabilities that affect HP, Dell, Lenovo, and other vendors, and are not included in the latest list of Intel/AMD vulnerabilities. Nonetheless, because they are BIOS-related, these 16 new vulnerabilities are comparable to certain others. All 16 allow attackers to take over a computer’s BIOS and get access to the local machine, allowing them to access sensitive information.
Fortunately, Intel points out that all of these flaws can only be exploited if the attacker has physical access to the machine; they cannot be used remotely. These vulnerabilities shouldn’t be as concerning for corporations with protected premises as they are for personal laptops, where bad actors can simply obtain access to the system.
The problems are caused by some vulnerabilities in Intel’s BIOS software, including poor control flow management, buffer overflow, pointer issues, incorrect validation, and more. All of these provide attackers with the ability to escalate privileges as needed. Improper access control and erroneous default permissions, for example, can allow attackers to launch denial-of-service attacks against the local machine.
The majority of these BIOS-related flaws are quite dangerous because they can efficiently circumvent practically all security protections on a local computer. The majority of security features are built into or on top of the operating system, which is loaded after the BIOS completes its initial POST (Power-On Self-Test). This means that no standard security countermeasures can safeguard the BIOS of the system.
Intel claims it will deliver firmware upgrades to address the vulnerabilities, but no specific roadmap has been released. The business advises users to “upgrade to the newest versions offered by the system vendor that address these problems,” according to the corporation. However, it’s unclear whether those updates are currently available. The platforms that have been impacted are listed below.
Affected Products:
- 2nd Generation Intel Xeon Scalable Processor Family
- Intel Xeon Scalable Processor Family
- Intel Xeon Processor W Family
- Intel Xeon Processor E Family
- Intel Xeon Processor D Family
- 11th Generation Intel Core Processor Family
- 10th Generation Intel Core Processor Family
- 9th Generation Intel Core Processor Family
- 8th Generation Intel Core Processor Family
- 7th Generation Intel Core Processor Family
- 6th Generation Intel Core processor Family
- Intel Core X-series Processor Family
- Intel Atom Processor C3XXX Family.
also read:
