Intel Patches High-Severity Flaw in Processor Diagnostic Tool | Threatpost

Intel has patched a high-severity vulnerability in its processor diagnostic tool, which could allow local attackers to launch several malicious attacks on affected devices, such as escalation of privilege or denial of service.

The Intel Processor Diagnostic tool is a free product that allows users to test and diagnose any issues in their processor before having to contact tech support. Intel on Tuesday released the patch in tandem with a fix for a medium-severity security vulnerability in its S4500/S4600 lineup of Solid State Drives (SSD) for data centers.

“Intel has released security updates to address vulnerabilities in Intel Solid State Drives for Data Centers and Intel Processor Diagnostic Tool,” according to a Cybersecurity and Infrastructure Security Agency (CISA) alert. “An attacker could exploit these vulnerabilities to gain an escalation of privileges on a previously infected machine.”

The vulnerability in the Intel Processor Diagnostic Tool (CVE-2019-11133) ranks 8.2 out of 10 on the CVSS 3.0 scale, making it high-severity.

While details of the vulnerability are slim, Intel said that the flaw stems from improper access control in the tool. This vulnerability “may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access,” said Intel in its advisory.

Impacted are 32-bit and 64-bit models of the diagnostic tool, before version 4.1.2.24. Users can find the patch here. Researcher Jesse Michael from Eclypsium was credited with reporting the issue.

Intel on Tuesday also patched a separate vulnerability (CVE-2018-18095), which was found internally by Intel and impacts Intel SSD DC S4500 and S4600 series firmware before SCV10150.

The flaw stems from a lack of authentication in the firmware for the solid state drives, and may allow an unprivileged user to potentially enable escalation of privilege via physical access. Intel said it recommends updating the S4500 and S4600 series firmware to SCV10150 or later.

It’s only Intel’s latest round of patches for vulnerabilities in its products. A few weeks ago, the chip giant patched seven high-severity vulnerabilities in the system firmware of its Intel NUC (short for Next Unit of Computing), a mini-PC kit used for gaming, digital signage and more. In May, Intel fixed high-severity flaw CVE-2019-11094, which could also enable escalation of privilege, denial of service and/or information disclosure via local access.
