Cyber Security Companies recently reported a new kind of vulnerability affecting various Intel products.
Intel, in full Intel Corporation, the inventor of the x86 series of microprocessors has recently noted multiple vulnerabilities affecting some Intel products. These vulnerabilities allow the local attacker to expand privileges, cause denial of service (DoS) conditions and may grab sensitive information by targeting a system.
Name of the Common Vulnerabilities and Exposures (CVE)
- 1. CVE-2019-14568:Local access is needed to approach this attack. A single authentication is necessary for the misuse. Just by sending a specially-crafted request, an attacker could exploit this vulnerability to gain exalted privileges. This vulnerability was named CVE-2019-14568 since 08.03.2019.
- 2. CVE-2019-14608:The vulnerability grants a local user to escalate privileges on the target system. The vulnerability exists in the firmware for Intel NUC due to a boundary error when processing irresponsible input. This vulnerability was named CVE-2019-14608 since 08.03.2019.
Systems that got affected:
- 1. Intel Rapid Storage Technology software before version 22.214.171.1246
- 2. Intel Xeon Scalable Processor
- 3. Intel Xeon Scalable processor 2nd Generation
- 3. Intel Xeon D & W Processor
- 4. Intel Core i9 Processors 8th and 9th Generation
- 5. Intel Xeon processor E3 v5 & v6 Family
- 6. Intel Xeon E Processor
- 7. Intel Core Processors 6th to 10th Generation
This is a serious security risk as this let’s a malware gather sensitive data from your company’s system. It is the kind of vulnerability that mainly exists in the Intel Rapid Storage Technology (RST). A malware may affect the system due to improper handling of permissions by the software. An authenticated attacker could take advantage of this vulnerability through local access to the system. If this vulnerability is successfully exploited then the attacker would get enough advantage to hack the system completely. It is a crucial matter to get worried!
This vulnerability also prevails in various Intel Processors. It may be due to improper checking of conditions by the firmware. Firmware is a software program or group of instructions programmed on a hardware device. An attacker could easily manipulate these vulnerabilities through successful local access to the targeted system. If the attacker gets victory over the system it can become a serious issue to be concerned about. The assailant can get the chance to expand its allowance to the targeted systems.
These kinds of vulnerabilities also lead to Denial of Service Attack (DoS). DoS is a kind of attack where the attackers send excessive messages demanding the network or server to authenticate requests that have invalid return addresses and hacks the system. It can lead to problems like; Ineffective service, Inaccessible services, Disruption of network traffic, Connection intervention.
These vulnerabilities can steal sensitive data such as documentation of business processes and trade secrets or contact info for employees and customers. Hackers can also destroy data by erasing or changing the data, or by injuring the actual hardware. The impact of this attack can also include legal liability.
- • Upgrading to version 126.96.36.1996
- • Update the latest firmware version available for the system
“There are tons of vulnerabilities still left, we are sure,” says Herbert Bos, a professor at Vrije Universiteit Amsterdam, in an interview with The New York Times.
Security vulnerabilities are popping up all the time and can put any business that uses technological assets in danger. In a nutshell, these types of vulnerabilities represent the ideal opportunity for malicious actors to break into systems and unleash all types of disruption. From data theft to information compromise and beyond, vulnerabilities are particularly the most alarming issue presently.
To keep your company safe from such Vulnerabilities, always consult with Cyber Security Consultancies.
Leave a Comment:
Get Exclusive Cyber Security Tips On:
Prevention from damage dealt to an organization’s reputation.
Investments on fixing the issues caused by attack.
Preventing confidential data and Intellectual Property being stolen
Prevention of revenue loss due to service disruption and much more.