Skip to main content

Multiple Vulnerabilities are affecting the Intel products



Multiple Vulnerabilities are affecting the Intel products




Cyber Security Companies recently reported a new kind of vulnerability affecting various Intel products.

Intel, in full Intel Corporation, the inventor of the x86 series of microprocessors has recently noted multiple vulnerabilities affecting some Intel products. These vulnerabilities allow the local attacker to expand privileges, cause denial of service (DoS) conditions and may grab sensitive information by targeting a system.

Name of the Common Vulnerabilities and Exposures (CVE)
1. CVE-2019-14568:Local access is needed to approach this attack. A single authentication is necessary for the misuse. Just by sending a specially-crafted request, an attacker could exploit this vulnerability to gain exalted privileges. This vulnerability was named CVE-2019-14568 since 08.03.2019.
2. CVE-2019-14608:The vulnerability grants a local user to escalate privileges on the target system. The vulnerability exists in the firmware for Intel NUC due to a boundary error when processing irresponsible input. This vulnerability was named CVE-2019-14608 since 08.03.2019.

Systems that got affected:
1. Intel Rapid Storage Technology software before version 17.7.0.1106
2. Intel Xeon Scalable Processor
3. Intel Xeon Scalable processor 2nd Generation
3. Intel Xeon D & W Processor
4. Intel Core i9 Processors 8th and 9th Generation
5. Intel Xeon processor E3 v5 & v6 Family
6. Intel Xeon E Processor
7. Intel Core Processors 6th to 10th Generation

This is a serious security risk as this let’s a malware gather sensitive data from your company’s system. It is the kind of vulnerability that mainly exists in the Intel Rapid Storage Technology (RST). A malware may affect the system due to improper handling of permissions by the software. An authenticated attacker could take advantage of this vulnerability through local access to the system. If this vulnerability is successfully exploited then the attacker would get enough advantage to hack the system completely. It is a crucial matter to get worried!

This vulnerability also prevails in various Intel Processors. It may be due to improper checking of conditions by the firmware. Firmware is a software program or group of instructions programmed on a hardware device. An attacker could easily manipulate these vulnerabilities through successful local access to the targeted system. If the attacker gets victory over the system it can become a serious issue to be concerned about. The assailant can get the chance to expand its allowance to the targeted systems.

These kinds of vulnerabilities also lead to Denial of Service Attack (DoS). DoS is a kind of attack where the attackers send excessive messages demanding the network or server to authenticate requests that have invalid return addresses and hacks the system. It can lead to problems like; Ineffective service, Inaccessible services, Disruption of network traffic, Connection intervention.

These vulnerabilities can steal sensitive data such as documentation of business processes and trade secrets or contact info for employees and customers. Hackers can also destroy data by erasing or changing the data, or by injuring the actual hardware. The impact of this attack can also include legal liability.

Solution:

For CVE-2019-14568
• Upgrading to version 17.7.0.1006

For CVE-2019-14608
• Update the latest firmware version available for the system

“There are tons of vulnerabilities still left, we are sure,” says Herbert Bos, a professor at Vrije Universiteit Amsterdam, in an interview with The New York Times.

Security vulnerabilities are popping up all the time and can put any business that uses technological assets in danger. In a nutshell, these types of vulnerabilities represent the ideal opportunity for malicious actors to break into systems and unleash all types of disruption. From data theft to information compromise and beyond, vulnerabilities are particularly the most alarming issue presently

Comments

Popular posts from this blog

Provider Volia reported to the cyber police about the intense cyberattacks on the server

Cable provider Volia appealed to the Cyber Police on the fact of fixing a DDoS attack on the Kharkov servers of the company, which has been ongoing since May 31. "For three days, from May 31 to today, the Volia infrastructure in Kharkov is subjected to cyberattacks. At first, they were carried out only on subscriber subsystems, later they switched to telecommunications infrastructure. As a result, more than 100,000 subscribers experienced problems using the Internet, IPTV, multi-screen platform, and digital TV," said the company. In total, the complete lack of access to Volia's services, according to the provider, lasted 12 minutes on May 31, 45 minutes on June 1. There was also an attack on the website volia.com, but it was managed to neutralize. "DDoS attacks were massive and well-organized. The type of attack is UDP flood and channel capacity overflow with the traffic of more than 200 GB. UDP is a protocol used for online streaming services - streaming, te...

Information security experts have warned Russians about bonus card fraud schemes.

Fraudsters several thousand times tried to illegally take advantage of discount bonuses of Russians in 2019. Some attackers gained access to customers' personal accounts, and then bought the products using bonuses, said Alexey Sizov, head of the anti-fraud department of the Application Security Systems Center at Jet Infosystems. According to him, a fraudster can register a personal account on a card that was issued to another person. The victim will accumulate points without knowing about the existence of his profile, and the attacker will write off bonuses, said Sizov. The expert added that this is mainly done by novice scammers. According to him, loyalty programs are poorly protected, unlike banking operations. He said that they are estimated at 50 billion rubles ($760 milliard) for the 30 largest retailers. Alexey Fedorov, Chairman of the Business Russia Trade Committee, said that in 2019, the number of bonus and discount thefts "increased significantly." ...

Apple Plans to Expand Cloud-Based Services, Enters Cloud Computing Space

Apple is planning to invest more in streamlines and increasing its cloud-based and software services like iCloud, Newsplus, and Apple Music. The expansion will go along with devices like iPads, MacBooks, and iPhones. To be entirely sure about the reliability of the cloud-based service on all the Apple devices, the company has decided to rely on AWS (Amazon Web Services) and the cloud division. AWS, as you might know, is a subunit of Amazon that offers cloud-space solutions. According to CNBC's findings, Apple is said to pay Amazon $30 Million monthly for its cloud-based services. It also means that Apple is one of the biggest customers of AWS. Nevertheless, Apple hasn't confirmed whether it uses Amazon's cloud services besides its iCloud. According to experts, Apple also has some of its cloud services on Google. Amazon transformed the management of the data center and hosting of the applications when it brought the AWS. Being the first one to offer services like these,...