Intel Product Security Advisories and Notices - Intel Security Advisories

Intel Security Advisories
Intel Product Security Advisories and Notices
Stay current on Intel's Product Security Advisories and Notices

OpenSSL* vulnerability – Software Development Tools for Intel® Active Management Technology (Intel® AMT) In response to the OpenSSL* advisory (CVE-2010-0740), Intel is releasing an update to the Intel® Active Management Technology (Intel® AMT) Software Development Kit (SDK)and Intel® Setup and Configuration Service (Intel® SCS) to mitigate this vulnerability. This issue does not affect the Intel® Active Management Technology implementation on Intel® vPro TM technology based platforms. The Intel® AMT SDK is the development framework for the Independent Software Vendors (ISVs) to develop manageability... Intel® Math Kernel Library Insecure File Permission Local Privilege Escalation The Intel® Math Kernel Library (Intel® MKL) is a library of highly optimized, extensively threaded math routines for science, engineering, and financial applications that require maximum performance. An updated version of the software is available for Intel® MKL users to mitigate this vulnerability. Intel® Active Management Technology Software Development Kit Remote Code Execution Intel® Active Management Technology (Intel® AMT) Software Development Kit (SDK) is the development framework for the independent software vendors (ISVs) to develop manageability applications that interact with Intel® AMT-enabled systems. Updated software which corrects a potential stack overflow issue is available for the ISVs to update their applications developed using the SDK. Intel® Desktop Boards Privilege Escalation Software running administrative (ring 0) privilege can under certain circumstances change code running in System Management Mode. SINIT misconfiguration allows for Privilege Escalation An updated SINIT Authenticated Code Module (ACM) is available for affected Intel products to correct a misconfiguration that allows for the circumvention of Intel® Trusted Execution Technology. Intel® Desktop Board Buffer Overflow Local Privilege Escalation Updated BIOS is available for Intel® Desktop Board products to correct a buffer overflow in the Bitmap processing code. New BIOS available for Intel® Desktop Board products BIOS to prevent unauthorized downgrading to a previous BIOS version. New BIOS is available for Intel® Desktop Board products BIOS to prevent downgrading to a previous BIOS version without supervisor/admin permission. Intel® Desktop and Intel® Server Boards Privilege Escalation Software running administrative (ring 0) privilege can under certain circumstances change code running in System Management Mode. Intel® Desktop and Intel® Mobile Boards Privilege Escalation Software running administrative (ring 0) privilege can under certain circumstances change code running in System Management Mode. Intel Keyboard Buffer Information Disclosure Vulnerability Specific Intel BIOS's fail to sanitize user input entered during the Power On Self Test, POST, process. Under certain situations this issue could potentially result in a disclosure of information. Intel® Centrino Wireless Driver Malformed Frame Privilege Escalation A security vulnerability exists in the Microsoft* Windows* drivers for the Intel® 2100 PRO/Wireless Network Connection Hardware because of the way that driver handles certain requests by applications. The vulnerability could potentially be exploited by injecting specially crafted malicious frames into the driver and with the aid of an application loaded on the local system kernel level privileges could potentially be obtained. Intel® PROSet/Wireless Software Local Information Disclosure A security vulnerability exists in the Intel® PROSet/Wireless Software (PROSet application) because of insecure usage of shared memory allowing a person having access to the user’s computer or malicious software installed on the user’s computer to obtain access to users’ wireless network security information. Intel® Centrino Wireless Driver Malformed Frame Remote Code Execution Security vulnerabilities exist in the Microsoft* Windows* drivers for the Intel® 2200BG and 2915ABG PRO/Wireless Network Connection Hardware because of the way that they currently handle certain frames. An attacker could potentially exploit these vulnerabilities which could potentially lead to remote code execution and system control. Intel® LAN Driver Buffer Overflow Local Privilege Escalation A software vulnerability exists in the specified PCI, PCI-X and PCIe Intel network component drivers that could allow unprivileged code executing on an affected system to perform a local privilege escalation. Intel® Enterprise Southbridge 2 Baseboard Management Controller Denial of Service A denial of service vulnerability exists in the Intel® Enterprise Southbridge 2 Baseboard Management Controller which may allow malicious users to connect to a server system within a local area network and issue any Intelligent Platform Management Interface command. If proper external network access procedures are followed the vulnerability is limited to internal access within a local network.

Intel Security

Intel Product Security Advisories and Notices

CoreCommandos.Com