Intel addressed 95 vulnerabilities on November 2020 Patch Tuesday, including critical ones affecting Intel Wireless Bluetooth products and Intel AMT.
Vulnerability Update Highlights:
A critical vulnerability was addressed by Intel on its recent security advisory in the Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM) products.
Source : BleepingComputers
| CVE ID | CVE-2020-8752 |
| Versions | Prior to 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 |
| CVSS Score | 9.4 |
| Description | Out-of-bounds write in the IPv6 subsystem of Intel AMT and ISM that enables remote unauthenticated to escalate privileges. Successful exploitation requires vulnerable products to be configured with IPv6 which is not a default configuration according to Intel. |
| CVE ID | CVE-2020-12321 |
| Versions | Before 21.110 |
| CVSS Score | 9.6 |
| Description | Improper buffer restriction in Wireless Bluetooth products that enables unauthenticated escalation of privilege via adjacent access (Local Area Network only). |
Below are additional details for some of the issues addressed.
Patch Against PLATYPUS Side-Channel Attacks:
Named Platypus, an acronym for “Power Leakage Attacks: Targeting Your Protected User Secrets,” the attack targets the RAPL interface of Intel processors.
RAPL, which stands for Running Average Power Limit, is a component that allows firmware or software applications to monitor power consumption in the CPU and DRAM.
Above all, Two new vulnerabilities CVE-2020-8694 and CVE-2020-8695 dubbed PLATYPUS and disclosed by researchers.
Importantly, Potential security vulnerabilities in the Intel® Running Average Power Limit (RAPL) Interface may allow information disclosure.
Description: Successful exploitation of the two vulnerabilities could lead to information leakage from the Running Average Power Limit (RAPL) Interface, used to monitor and manage CPUs and DRAM memory power consumption.
Additional technical info is available in this academic research paper [PDF], in Intel’s PLATYPUS security advisory, as well as in Xen’s security advisory.
Intel microcode updates for Windows
A new batch of Intel Microcode updates was released by Microsoft for o fix new vulnerabilities discovered in Intel CPUs (including PLATYPUS), for the below mentioned versions: Windows 10 20H2, 2004, 1909, and older versions
Notably, These microcodes updates can also be directly downloaded using the below Microsoft Catalog links:
- KB4589212: Intel microcode updates for Windows 10, version 2004 and 20H2, and Windows Server, version 2004 and 20H2
- KB4589211: Intel microcode updates for Windows 10, version 1903 and 1909, and Windows Server, version 1903 and 1909
- KB4589208: Intel microcode updates for Windows 10, version 1809 and Windows Server 2019
- KB4589206: Intel microcode updates for Windows 10, version 1803
- KB4589210: Intel microcode updates for Windows 10, version 1607 and Windows Server 2016
- KB4589198: Intel microcode updates for Windows 10, version 1507
November 2020 Patch Tuesday Advisories
Most importantly, below is the list of all issued Intel security advisories with complete details including each of the addressed vulnerabilities and info on impacted products and CPUs available within the linked Product Security Center entries.
It’s the best time to make a few plans for the future and it is time to be happy. I’ve read this put up and if I may I wish to suggest you few fascinating things or advice. Perhaps you could write next articles regarding this article. I wish to read more things about it!|