Skip to main content

Multiple Vulnerabilities are affecting the Intel products



Multiple Vulnerabilities are affecting the Intel products




Cyber Security Companies recently reported a new kind of vulnerability affecting various Intel products.

Intel, in full Intel Corporation, the inventor of the x86 series of microprocessors has recently noted multiple vulnerabilities affecting some Intel products. These vulnerabilities allow the local attacker to expand privileges, cause denial of service (DoS) conditions and may grab sensitive information by targeting a system.

Name of the Common Vulnerabilities and Exposures (CVE)
1. CVE-2019-14568:Local access is needed to approach this attack. A single authentication is necessary for the misuse. Just by sending a specially-crafted request, an attacker could exploit this vulnerability to gain exalted privileges. This vulnerability was named CVE-2019-14568 since 08.03.2019.
2. CVE-2019-14608:The vulnerability grants a local user to escalate privileges on the target system. The vulnerability exists in the firmware for Intel NUC due to a boundary error when processing irresponsible input. This vulnerability was named CVE-2019-14608 since 08.03.2019.

Systems that got affected:
1. Intel Rapid Storage Technology software before version 17.7.0.1106
2. Intel Xeon Scalable Processor
3. Intel Xeon Scalable processor 2nd Generation
3. Intel Xeon D & W Processor
4. Intel Core i9 Processors 8th and 9th Generation
5. Intel Xeon processor E3 v5 & v6 Family
6. Intel Xeon E Processor
7. Intel Core Processors 6th to 10th Generation

This is a serious security risk as this let’s a malware gather sensitive data from your company’s system. It is the kind of vulnerability that mainly exists in the Intel Rapid Storage Technology (RST). A malware may affect the system due to improper handling of permissions by the software. An authenticated attacker could take advantage of this vulnerability through local access to the system. If this vulnerability is successfully exploited then the attacker would get enough advantage to hack the system completely. It is a crucial matter to get worried!

This vulnerability also prevails in various Intel Processors. It may be due to improper checking of conditions by the firmware. Firmware is a software program or group of instructions programmed on a hardware device. An attacker could easily manipulate these vulnerabilities through successful local access to the targeted system. If the attacker gets victory over the system it can become a serious issue to be concerned about. The assailant can get the chance to expand its allowance to the targeted systems.

These kinds of vulnerabilities also lead to Denial of Service Attack (DoS). DoS is a kind of attack where the attackers send excessive messages demanding the network or server to authenticate requests that have invalid return addresses and hacks the system. It can lead to problems like; Ineffective service, Inaccessible services, Disruption of network traffic, Connection intervention.

These vulnerabilities can steal sensitive data such as documentation of business processes and trade secrets or contact info for employees and customers. Hackers can also destroy data by erasing or changing the data, or by injuring the actual hardware. The impact of this attack can also include legal liability.

Solution:

For CVE-2019-14568
• Upgrading to version 17.7.0.1006

For CVE-2019-14608
• Update the latest firmware version available for the system

“There are tons of vulnerabilities still left, we are sure,” says Herbert Bos, a professor at Vrije Universiteit Amsterdam, in an interview with The New York Times.

Security vulnerabilities are popping up all the time and can put any business that uses technological assets in danger. In a nutshell, these types of vulnerabilities represent the ideal opportunity for malicious actors to break into systems and unleash all types of disruption. From data theft to information compromise and beyond, vulnerabilities are particularly the most alarming issue presently

Comments

Post a Comment

Popular posts from this blog

Betting and Gambling Websites under Cyberattack from Chinese Hackers

Since last year's summers, Chinese hackers have been targeting South Asian companies that own online gambling and betting websites. The gambling companies in South Asia have confirmed the hacks, whereas rumors of cyberattacks on betting websites have also emerged from Europe, and the Middle East, however, the rumors are yet to confirm, says the reports of cybersecurity group Trend Micro and Talent-Jump. Cybersecurity experts claim that no money was stolen in these hacks against the gambling websites. However, hackers have stolen source codes and databases. The motive of the attack was not a cybercrime, but rather espionage intended attack to gain intelligence. According to the experts, a group named ' DRBControl ' is responsible for the cyberattack. According to the reports of Trend Micro, the hacking techniques used in this particular cyberattack incident is similar to methods done by Emissary Panda and Winnti. All of these hacking groups are from China that has launc
5 comments
Read more

Information security experts have warned Russians about bonus card fraud schemes.

Fraudsters several thousand times tried to illegally take advantage of discount bonuses of Russians in 2019. Some attackers gained access to customers' personal accounts, and then bought the products using bonuses, said Alexey Sizov, head of the anti-fraud department of the Application Security Systems Center at Jet Infosystems. According to him, a fraudster can register a personal account on a card that was issued to another person. The victim will accumulate points without knowing about the existence of his profile, and the attacker will write off bonuses, said Sizov. The expert added that this is mainly done by novice scammers. According to him, loyalty programs are poorly protected, unlike banking operations. He said that they are estimated at 50 billion rubles ($760 milliard) for the 30 largest retailers. Alexey Fedorov, Chairman of the Business Russia Trade Committee, said that in 2019, the number of bonus and discount thefts "increased significantly."
Post a Comment
Read more

Provider Volia reported to the cyber police about the intense cyberattacks on the server

Cable provider Volia appealed to the Cyber Police on the fact of fixing a DDoS attack on the Kharkov servers of the company, which has been ongoing since May 31. "For three days, from May 31 to today, the Volia infrastructure in Kharkov is subjected to cyberattacks. At first, they were carried out only on subscriber subsystems, later they switched to telecommunications infrastructure. As a result, more than 100,000 subscribers experienced problems using the Internet, IPTV, multi-screen platform, and digital TV," said the company. In total, the complete lack of access to Volia's services, according to the provider, lasted 12 minutes on May 31, 45 minutes on June 1. There was also an attack on the website volia.com, but it was managed to neutralize. "DDoS attacks were massive and well-organized. The type of attack is UDP flood and channel capacity overflow with the traffic of more than 200 GB. UDP is a protocol used for online streaming services - streaming, te
Post a Comment
Read more