KB4589208: Intel microcode updates for Windows 10, version 1809 and Windows Server 2019.KB4589211: Intel microcode updates for Windows 10, version 19, and Windows Server, version 19.KB4589212: Intel microcode updates for Windows 10, version 2004 and 20H2, and Windows Server, version 2004 and 20H2.These microcode updates are offered to affected devices via Windows Update but they can also be downloaded directly from the Microsoft Catalog using these links: Yesterday, Microsoft has also released a new batch of Intel microcode updates for Windows 10 20H2, 2004, 1909, and older versions to fix new vulnerabilities discovered in Intel CPUs (including PLATYPUS). The researchers also released a video demo showing how to steal AES-NI keys from protected Intel SGX enclaves in a PLATYPUS attack. "On Windows and macOS, the Intel Power Gadget needs to be installed."Īdditional technical info is available in this academic research paper , in Intel's PLATYPUS security advisory, as well as in Xen's security advisory. "On Linux, the powercap framework provides unprivileged access to Intel RAPL by default," they said. The researchers showed that the RAPL interface can be used to keep an eye on targeted systems' power consumption and infer what instructions were performed by the CPU, enabling attackers to steal data from memory.Īll major operating systems are affected according to the research team. Successful exploitation of the two vulnerabilities could lead to information leakage from the Running Average Power Limit (RAPL) Interface, used to monitor and manage CPUs and DRAM memory power consumption. New Intel CPU side-channel vulnerabilities ( CVE-2020-8694 and CVE-2020-8695) dubbed PLATYPUS and disclosed by an international group of researchers from the Graz University of Technology, CISPA Helmholtz Center for Information Security, and the University of Birmingham were also patched by called Platypus. Intel CPUs patched against new PLATYPUS side-channel attacks The bug is an improper buffer restriction in Wireless Bluetooth products before version 21.110 that enables unauthenticated escalation of privilege via adjacent access (Local Area Network only). Successful exploitation requires vulnerable products to be configured with IPv6 which is not a default configuration according to Intel.Ī second critical security flaw ( CVE-2020-12321) rated with a CVSS severity base score of 9.6/10 and affecting some Intel Wireless Bluetooth products was also addressed in the Intel November 2020 Platform Update. The flaw (tracked as CVE-2020-8752) is an out-of-bounds write in the IPv6 subsystem of Intel AMT and ISM (versions prior to 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45) that enables remote unauthenticated to escalate privileges. Of note among the security updates issued this Tuesday, Intel addressed a critical vulnerability with a CVSS score of 9.4/10 in the Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM) products. November 2020 Intel Platform Update highlights Intel provides a list of all affected products and recommendations for vulnerable products at the end of each advisory, as well as contact details for those who want to report other security issues or vulnerabilities found in Intel branded products or technology. The issues were detailed in the 40 security advisories published by Intel on its Product Security Center, with the company having delivered security and functional updates to users through the Intel Platform Update (IPU) process. Intel addressed 95 vulnerabilities as part of the November 2020 Patch Tuesday, including critical ones affecting Intel Wireless Bluetooth products and Intel Active Management Technology (AMT).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |