Intel patched six security vulnerabilities during the January 2020 Patch Tuesday, including a high severity vulnerability in VTune and a bug affecting the Intel Processor Graphics drivers for Windows and Linux.

The security issues addressed today are detailed in the six security advisories published on Intel’s Product Security Center.

According to Intel, these vulnerabilities could allow authenticated users to potentially trigger denial of service states and escalate privileges via local access, while others could lead to information disclosure.

“This month, consistent with our commitment to transparency, we are releasing 6 security advisories addressing 6 vulnerabilities,” Intel’s Director of Security Communications Jerry Bryant said.

“Three of these, including the one with the highest CVSS severity rating of 8.2, were internally found by Intel, and the others were reported through our Bug Bounty program.”

Intel’s January 2020 Patch Tuesday advisories

Below you can find all the advisories published by Intel during 2020’s first Patch Tuesday, together with links to download pages where you can get the updates needed to patch the security flaws.

While Intel says that they are not aware of any of the security issues being exploited in the wild, users are advised to install the updates as soon as possible.

Out of the six vulnerabilities patched today two stand out. The first one tracked as CVE-2019-14613 is a high severity one impacting the Intel VTune Amplifier for Windows that may allow authenticated local attackers to potentially escalate privileges.

The other one is a medium severity information disclosure flaw tracked as CVE-2019-14615 that affects the Windows and Linux graphics drivers on a wide range of processors including the company’s latest 10th Generation ‘Ice Lake’ Intel Core Processors.

“Intel has released security updates to address vulnerabilities in multiple products,” the Cybersecurity and Infrastructure Security Agency (CISA) said today in a notification. “An authenticated attacker with local access could exploit some of these vulnerabilities to gain escalation of privileges.”

The agency encourages both users and administrators to review the security advisories published today by Intel and apply the necessary updates to defend against potential exploitation attempts.

Each of the linked advisories comes with a detailed list of all affected products and recommendations for vulnerable products, as well as contact info for users and researchers who would want to report other vulnerabilities found in Intel branded tech or products.


Source link