This week has been quite busy for users having to update their systems. The tech giants like Microsoft and Adobe have rolled-out their monthly Patch Tuesday updates. It seems Intel didn’t want to miss this important time, and so, they have also released security fixes. Reportedly, the recently released Intel patches addressed multiple security flaws that affected its different products.
Intel Patches Three High-Severity Security Flaws
The Intel patches include fixes for three high-severity security bugs that could result in privilege escalation.
The first vulnerability existed in Intel® PROSet/Wireless WiFi Software. Exploiting this bug could allow escalation of privileges to an potential attacker. As explained by Intel in the security advisory,
“Improper directory permissions in the ZeroConfig service in Intel(R) PROSet/Wireless WiFi Software before version 20.90.0.7 may allow an authorized user to potentially enable escalation of privilege via local access.”
The vulnerability, CVE-2018-12177, achieved a CVSS base score of 7.8 – the highest of all vulnerabilities patched with this update bundle. Intel has recommended that users update their systems to Intel® PROSet/Wireless WiFi Software version 20.90.0.7 or later.
The second vulnerability (CVE-2018-18098) affected Intel® SGX SDK and Intel® SGX Platform Software. Describing the bug, Intel state:
“Improper file verification in install routine for Intel(R) SGX SDK and Platform Software for Windows before 2.2.100 may allow an escalation of privilege via local access.”
Intel has patched this flaw, together with a medium-severity bug (discussed below) in the latest software versions. These include,
- Intel® SGX Platform Software for Windows version 2.2.100 or later
- Intel® SGX Platform Software for Linux version 2.4.100 or later
- Intel® SGX SDK for Windows version 2.2.100 or later
- Intel® SGX SDK for Linux version 2.4.100
The third bug, CVE-2019-0088, affected the Intel® System Support Utility for Windows. Explaining about it, Intel states:
“Insufficient path checking in Intel(R) System Support Utility for Windows before 2.5.0.15 may allow an authenticated user to potentially enable an escalation of privilege via local access.”
Intel has patched the flaw in Intel® System Support Utility for Windows v.2.5.0.15 and later. Thus, the users may upgrade their systems with the patched version.
Multiple Medium-Severity Bugs Also Fixed
Among the medium-severity bugs, the first one targeted the Intel® SGX SDK and Intel® SGX Platform Software (CVE-2018-12155). Exploiting this flaw could result in information disclosure. As described by Intel in the advisory,
“Data leakage in cryptographic libraries for Intel(R) IPP before 2019 update 1 release may allow an unprivileged user to cause information disclosure via local access.”
Another medium severity bug (CVE-2018-12166) affected Intel® Optane™ SSD DC P4800X that may trigger denial-of-service. According to Intel,
“Insufficient write protection in firmware for Intel(R) Optane(TM) SSD DC P4800X before version E2010435 may allow a privileged user to potentially enable a denial of service via local access.”
In addition to the above, Intel also released fixes for two more privilege escalation bugs having medium severity ratings. These include CVE-2018-3703 that affected Intel® SSD Data Center Tool for Windows and CVE-2017-3718 that threatened the system firmware for Intel® NUC.
