Colossal Intel Update Anchored by Critical Privilege-Escalation Bugs | Threatpost

A massive Intel security update this month addresses flaws across a myriad of products – most notably, critical bugs that can be exploited by unauthenticated cybercriminals in order to gain escalated privileges.

These critical flaws exist in products related to Wireless Bluetooth – including various Intel Wi-Fi modules and wireless network adapters – as well as in its remote out-of-band management tool, Active Management Technology (AMT).

Overall, Intel released 40 security advisories on Tuesday, each addressing critical-, high- and medium-severity vulnerabilities across various products. That by far trumps October’s Intel security update, which resolved one high-severity flaw in BlueZ, the Linux Bluetooth protocol stack that provides support for core Bluetooth layers and protocols to Linux-based internet-of-things (IoT) devices.

Critical Flaws

One critical-severity vulnerability exists in Intel AMT and Intel Standard Manageability (ISM). AMT, which is used for remote out-of-band management of PCs, is part of the Intel vPro platform (Intel’s umbrella marketing term for its collection of computer hardware technologies) and is primarily used by enterprise IT shops for remote management of corporate systems. ISM serves a similar function to AMT.

The flaw (CVE-2020-8752), which ranks 9.4 out of 10 on the CVSS vulnerability-severity scale, stems from an out-of-bounds write error in the IPv6 subsystem for Intel AMT and Intel ISM. If exploited, the flaw could allow an unauthenticated user to gain escalated privileges (via network access).

Versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 are affected; users are urged to “update to the latest version provided by the system manufacturer that addresses these issues.”
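For triaging an inventory against the version list above, the following is an added example, not code from Intel or the original article. It assumes each quoted version is the first fixed release of its own major.minor branch, treats branches the article does not name as unknown, and uses constructed hostnames and version strings.

```python
# Added example: triage AMT/ISM firmware versions against the fixed builds
# the article quotes for CVE-2020-8752.
# Assumption: each quoted version is the first fixed build of its own
# major.minor branch, so a build is only compared within that branch.
FIXED_BUILDS = ["11.8.80", "11.12.80", "11.22.80", "12.0.70", "14.0.45"]

def parse_version(text):
    """Return the first three numeric fields of a dotted version string."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts[:3])

# (major, minor) -> first fixed value of the third field in that branch
FIXED_BY_BRANCH = {v[:2]: v[2] for v in map(parse_version, FIXED_BUILDS)}

def classify(version_text):
    """Return 'affected', 'fixed', 'unknown-branch' or 'unparseable'."""
    try:
        major, minor, build = parse_version(version_text)
    except ValueError:
        return "unparseable"
    fixed_build = FIXED_BY_BRANCH.get((major, minor))
    if fixed_build is None:
        # Branch not named in the article: check the vendor advisory by hand.
        return "unknown-branch"
    return "affected" if build < fixed_build else "fixed"

def triage(inventory):
    """Group hostnames by classification for a {host: version} mapping."""
    report = {}
    for host, version in sorted(inventory.items()):
        report.setdefault(classify(version), []).append(host)
    return report

# Constructed sample inventory: hostnames and version strings are made up.
SAMPLE_INVENTORY = {
    "ws-001": "11.8.77.3664",  # older build in the 11.8 branch
    "ws-002": "11.12.90",      # patched, though numerically below 14.0.45
    "ws-003": "12.0.45",       # below 12.0.70
    "ws-004": "14.0.45.1389",  # at the fixed build, extra field ignored
    "ws-005": "13.0.10",       # branch not listed in the article
    "ws-006": "n/a",           # inventory gap
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```

Comparing numeric fields per branch avoids two common mistakes: string comparison (which sorts 11.12 before 11.8) and a single global threshold (which would flag a patched 11.12.90 as vulnerable).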

Another critical-severity flaw (CVE-2020-12321) exists in some Intel Wireless Bluetooth products before version 21.110. That bug, which scores 9.6 out of 10 on the CVSS scale, could allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. This means an attacker is required to have access to a shared physical network with the victim.

Affected products include Intel Wi-Fi 6 AX200 and AX201, Intel Wireless-AC 9560, 9462, 9461 and 9260, Intel Dual Band Wireless-AC 8265, 8260 and 3168, Intel Wireless 7265 (Rev D) family and Intel Dual Band Wireless-AC 3165. Users of these products are advised to update to version 21.110 or later.

High-Severity Flaws

Intel also fixed multiple high-severity vulnerabilities, including a path traversal (CVE-2020-12315) in its Endpoint Management Assistant, which provides tools to monitor and upgrade devices. This flaw could give an unauthenticated user escalated privileges via network access.

Four high-severity flaws exist in Intel PROSet/Wireless Wi-Fi products before version 21.110. Intel PROSet/Wireless Wi-Fi software is used to set up, edit and manage Wi-Fi network profiles to connect to Wi-Fi networks.

These vulnerabilities stem from insufficient control-flow management (CVE-2020-12313), improper input validation (CVE-2020-12314), protection-mechanism failure (CVE-2020-12318) and improper buffer restriction (CVE-2020-12317). They can enable denial-of-service (DoS) attacks or privilege escalation.

Another high-severity flaw in Intel solid-state drive (SSD) products could allow an unauthenticated user to potentially enable information disclosure – if they have physical access to the device. The flaw (CVE-2020-12309) stems from insufficiently protected credentials in the client SSD subsystems. A range of SSDs – including the Pro 6000p series, Pro 5450s and E 5100s series – are affected.

Intel’s Next Unit of Computing (NUC) mini PC also had two high-severity flaws, including an insecure default variable initialization issue in the firmware (CVE-2020-12336) that could allow authenticated users (with local access) to escalate their privileges. The other is an improper buffer restriction in the firmware (CVE-2020-12337), enabling privileged users to escalate privileges (via local access).

Other high-severity flaws include an improper buffer restriction (CVE-2020-12325) in Intel Thunderbolt DCH drivers for Windows; an improper access-control hole (CVE-2020-12350) in Intel’s Extreme Tuning Utility; and an improper input-validation flaw (CVE-2020-12347) in the Intel Data Center Manager Console.
