Intel patched six security vulnerabilities during the January 2020 Patch Tuesday, including a high severity vulnerability in VTune and a bug affecting the Intel Processor Graphics drivers for Windows and Linux.
The security issues addressed today are detailed in the six security advisories published on Intel’s Product Security Center.
According to Intel, these vulnerabilities could allow authenticated users to potentially trigger denial of service states and escalate privileges via local access, while others could lead to information disclosure.
“This month, consistent with our commitment to transparency, we are releasing 6 security advisories addressing 6 vulnerabilities,” Intel’s Director of Security Communications Jerry Bryant said.
“Three of these, including the one with the highest CVSS severity rating of 8.2, were internally found by Intel, and the others were reported through our Bug Bounty program.”
Intel’s January 2020 Patch Tuesday advisories
Below you can find all the advisories published by Intel during 2020’s first Patch Tuesday, together with links to download pages where you can get the updates needed to patch the security flaws.
While Intel says that they are not aware of any of the security issues being exploited in the wild, users are advised to install the updates as soon as possible.
Out of the six vulnerabilities patched today two stand out. The first one tracked as CVE-2019-14613 is a high severity one impacting the Intel VTune Amplifier for Windows that may allow authenticated local attackers to potentially escalate privileges.
The other one is a medium severity information disclosure flaw tracked as CVE-2019-14615 that affects the Windows and Linux graphics drivers on a wide range of processors including the company’s latest 10th Generation ‘Ice Lake’ Intel Core Processors.
|Advisory Number||Advisory||CVE ID||Severity rating||Updates|
|INTEL-SA-00308||Intel RWC 3 for Windows||CVE-2019-14601||6.7||DOWNLOAD|
|INTEL-SA-00300||Intel SNMP Subagent Stand-Alone for Windows||CVE-2019-14600||6.5||DISCONTINUED|
|INTEL-SA-00314||Intel Processor Graphics||CVE-2019-14615||6.3||DOWNLOAD|
|INTEL-SA-00306||Intel Chipset Device Software INF Utility||CVE-2019-14596||5.9||DOWNLOAD|
“Intel has released security updates to address vulnerabilities in multiple products,” the Cybersecurity and Infrastructure Security Agency (CISA) said today in a notification. “An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of privileges.”
The agency encourages both users and administrators to review the security advisories published today by Intel and apply the necessary updates to defend against potential exploitation attempts.
Each of the linked advisories comes with a detailed list of all affected products and recommendations for vulnerable products, as well as contact info for users and researchers who would want to report other vulnerabilities found in Intel branded tech or products.
The information contained in this website is for general information purposes only. The information is gathered from Bleeping Computer, while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk. Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them. Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.