Intel has announced a number of firmware bugs that could allow endpoints such as datacenter servers, workstations, mobile devices and storage products to be compromised.
Bug, first reported by registerThis could allow bad actors to leak information and elevate their privileges, and was labeled as “high-severity” by Intel.
A full list of products that could be affected by the vulnerabilities can be found here, including 10th generation Intel Core processors and Intel Core X-series processors.
What should users do?
Intel recommends that users of affected processors update to the latest versions provided by their system manufacturer to resolve these issues.
Unfortunately, the above wasn’t the only set of bugs Intel was able to announce.
A potential security vulnerability in Intel processors that could allow information disclosure was also announced, although this was only labeled “low severity” by Intel.
Intel said that “a behavioral discrepancy observable in some Intel processors could allow an authorized user to potentially enable information disclosure via local access.”
According to the hardware giant, the bug could potentially affect all Intel processor families.
Intel recommends that any affected product should use the LFENCE instruction “after a load that should inspect writes from another thread to the same shared memory address”.
Firewalls by themselves may not be enough in today’s environment, it’s not just Intel that has potential hardware security vulnerabilities floating around.
Academic researchers have demonstrated a successful attack strategy to achieve the security provided by AMD’s renowned Secure Encrypted Virtualization (SEV) technology.
Anyone who is interested in fixing more bugs and is aware of a security issue or vulnerability with an Intel-branded product or technology can encrypt sensitive information using their PGP public key after it has been encrypted. via e-mail to [email protected]
According to Intel’s own research there is a demand for more hardware security.
The survey, based on talking to 1,406 people in the United States, Europe, the Middle East, Africa and Latin America, found that 75% of respondents expressed interest in a hardware-based approach to security, while 40% “interested in security”. expressed. a silicon level”.