Intel engineers fixed critical bug in AMT and ISM


This week, Intel engineers fixed a critical bug with updates to Active Management Technology (AMT) and Intel Standard Manageability (ISM).

The AMT and ISM bug was one of the most serious issues the company has addressed this month. The vulnerability is tracked as CVE-2020-8758 and scored 9.8 out of 10 on the CVSS vulnerability rating scale.

If exploited, the issue results in privilege escalation by an unauthenticated attacker. The bug occurs due to incorrect buffer limits in the network subsystem. All versions of Intel AMT and Intel ISM up to 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 are vulnerable to attacks.

“If a customer is using Intel vPro without AMT support, an authenticated user with local access to the system may still be able to escalate privileges,” warn Intel experts.

In addition to the patches for the AMT and ISM bug, the company also released fixes for its other products this month. For example, the CVE-2020-0570 vulnerability in the BIOS firmware for 8th, 9th and 10th generation Intel Core processors has been fixed. The bug scored 7.6 on the CVSS scale and could lead to escalation of privileges, denial of service, or information disclosure if the attacker had physical access to the vulnerable system.

The medium severity bug CVE-2020-0571, which also allowed information disclosure, was fixed in the BIOS firmware for the 8th generation Intel Core and Intel Pentium Silver.

Also, fixes were released for three other medium severity bugs that affected the 8th, 9th and 10th generation Intel Core and Celeron 4000/5000/. The vulnerabilities could lead to elevation of privilege or denial of service (CVE-2020-8672 and CVE-2019-14557) and information disclosure (CVE-2020-8671).

In addition, Intel fixed the CVE-2020-12302 bug in the Intel Driver & Support Assistant that could lead to local privilege escalation. Version 20.7.26.7 or later fixes the issue.

Let me remind you that Intel processors need hardware fixes due to the new LVI attack, and also about the SGAxe attack that endangers Intel processors.

By Vladimir Krasnogolovy
