Shulou(Shulou.com)05/31 Report--

In this issue, the editor will bring you about how Intel fixes the high-risk vulnerabilities in the CSME firmware of the security engine. The article is rich in content and analyzes and describes for you from a professional point of view. I hope you can get something after reading this article.

Intel warned on Tuesday that there was a high-risk vulnerability in its CSME firmware. If successfully exploited, an attacker can escalate privileges, cause a denial of service and disclose information.

CSME is the security engine for Intel's Active Management System hardware and firmware technology for remote out-of-band management of consumer or business pc, Internet of things devices, and workstations.

The subsystem of CSME has an authorization problem vulnerability (CVE-2019-14598) with a CVSS score of 8.2, which is a high-risk vulnerability. Local attackers can use this vulnerability to launch a series of attacks.

In the security bulletin, Intel recommends that users upgrade to IntelCSME 12.0.49, 13.0.21, 14.0.11 or later, and that Internet of things users using IntelCSME 12.0.55 upgrade to 12.0.56.

Overall, Intel fixed six vulnerabilities on Tuesday, including this high-risk vulnerability in CSME, and the rest are medium-and low-risk vulnerabilities.

A medium-risk vulnerability (CVE-2020-0560) is present in the Intel Renesas Electronics USB 3 driver. The vulnerability is due to improper allocation of permissions in the installer, which can be exploited by an attacker to escalate privileges. All versions of the driver are affected by the vulnerability. Instead of releasing a version update of the driver, Intel issued a product termination announcement and advised users to uninstall or stop using the driver as soon as possible.

There are two medium-risk vulnerabilities in IntelRAID Web Console that can be exploited to configure IntelRAID custom storage controllers and disk drives installed on the system. The first medium-risk privilege vulnerability (CVE-2020-0564) exists in IntelRAID Web Console 3 for Windows due to improper allocation of permissions in the installer. The other (CVE-2020-0562) exists in IntelRAID Web Console 2, also due to improper allocation of permissions in the installer. Intel also fixes a medium-risk entitlement vulnerability (CVE-2020-0563) in IntelManycore Platform Software Stack, which is a series of software components necessary to run Intel Xeon Phi Coprocessor.

Finally, Intel fixes a low-risk privilege vulnerability in IntelSoftware Guard Extension (SGX) SDK.

This is how Intel fixes high-risk vulnerabilities in the CSME firmware of the security engine shared by Xiaobian. If you happen to have similar doubts, please refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.