Intel has announced a host of firmware bugs, which could allow endpoints such as datacentre servers, workstations, mobile devices, and storage products to become compromised.
The bugs, first reported by The Register, can allow bad actors to leak information and escalate their privileges, and were labelled by Intel as “high severity”.
A full list of products the vulnerabilities may impact can be found here, which includes 10th Generation Intel Core Processors and Intel Core X-series Processors.
What should users do?
Intel recommends that users of the affected processors update to the latest versions provided by their system manufacturer to addresses these issues.
Unfortunately, the above was not the only set of bugs which Intel was able to announce.
A potential security vulnerability in Intel Processors which may allow information disclosure was also announced, though this was only dubbed “low severity” by Intel.
Intel said that “Observable behavioral discrepancy in some Intel processors may allow an authorized user to potentially enable information disclosure via local access.”
The bug could potentially affect all Intel processor families according to the hardware giant.
Intel recommends that any impacted product should utilize the LFENCE instruction “after loads that should observe writes from another thread to the same shared memory address”.
Firewalls may not be enough by themselves in today’s climate, it’s not just Intel that has potential hardware security vulnerabilities floating around.
Academic researchers have demonstrated a successful attack strategy to get around the protections provided by AMDs famed Secure Encrypted Virtualization (SEV) technology.
Anyone interested in outing more bugs and having information about a security issue or vulnerability with an Intel-branded product or technology can send it via e-mail to [email protected], after encrypting sensitive information using its PGP public key.
The demand for greater hardware security is there according to Intel’s own research.
The survey, based on speaking to 1,406 people across the United States, Europe, the Middle East, Africa, and Latin America, found 75% of respondents expressed interest in hardware-based approaches to security, while 40% expressed interest in “security at a silicon level”.
Via The Register
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba