Intel provides a list of all affected products and recommendations for vulnerable products at the end of each advisory, as well as contact details for those who want to report other security issues or vulnerabilities found in Intel branded products or technology.
November 2020 Intel Platform Update highlights
Of note among the security updates issued this Tuesday, Intel addressed a critical vulnerability with a CVSS score of 9.4/10 in the Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM) products.
The flaw (tracked as CVE-2020-8752) is an out-of-bounds write in the IPv6 subsystem of Intel AMT and ISM (versions prior to 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45) that enables remote unauthenticated to escalate privileges.
Successful exploitation requires vulnerable products to be configured with IPv6 which is not a default configuration according to Intel.
A second critical security flaw (CVE-2020-12321) rated with a CVSS severity base score of 9.6/10 and affecting some Intel Wireless Bluetooth products was also addressed in the Intel November 2020 Platform Update.
The bug is an improper buffer restriction in Wireless Bluetooth products before version 21.110 that enables unauthenticated escalation of privilege via adjacent access (Local Area Network only).
Intel CPUs patched against new PLATYPUS side-channel attacks
New Intel CPU side-channel vulnerabilities (CVE-2020-8694 and CVE-2020-8695) dubbed PLATYPUS and disclosed by an international group of researchers from the Graz University of Technology, CISPA Helmholtz Center for Information Security, and the University of Birmingham were also patched by called Platypus.
Successful exploitation of the two vulnerabilities could lead to information leakage from the Running Average Power Limit (RAPL) Interface, used to monitor and manage CPUs and DRAM memory power consumption.
The researchers showed that the RAPL interface can be used to keep an eye on targeted systems’ power consumption and infer what instructions were performed by the CPU, enabling attackers to steal data from memory.
All major operating systems are affected according to the research team. “On Linux, the powercap framework provides unprivileged access to Intel RAPL by default,” they said. “On Windows and macOS, the Intel Power Gadget needs to be installed.”
Additional technical info is available in this academic research paper [PDF], in Intel’s PLATYPUS security advisory, as well as in Xen’s security advisory.
The researchers also released a video demo showing how to steal AES-NI keys from protected Intel SGX enclaves in a PLATYPUS attack.
Intel microcode updates for Windows
Yesterday, Microsoft has also released a new batch of Intel microcode updates for Windows 10 20H2, 2004, 1909, and older versions to fix new vulnerabilities discovered in Intel CPUs (including PLATYPUS).
These microcode updates are offered to affected devices via Windows Update but they can also be downloaded directly from the Microsoft Catalog using these links:
- KB4589212: Intel microcode updates for Windows 10, version 2004 and 20H2, and Windows Server, version 2004 and 20H2
- KB4589211: Intel microcode updates for Windows 10, version 1903 and 1909, and Windows Server, version 1903 and 1909
- KB4589208: Intel microcode updates for Windows 10, version 1809 and Windows Server 2019
- KB4589206: Intel microcode updates for Windows 10, version 1803
- KB4589210: Intel microcode updates for Windows 10, version 1607 and Windows Server 2016
- KB4589198: Intel microcode updates for Windows 10, version 1507
However, before applying them it is important to mention that previous updates are known to have caused system hangs and performance issues on older CPUs due to how the vulnerabilities were mitigated.
Full list of November 2020 Patch Tuesday advisories
You can find a list of all issued Intel security advisories below, with full details on each of the addressed vulnerabilities and info on impacted products and CPUs available within the linked Product Security Center entries.
“We encourage customers to check for updates with their system manufacturers or, where applicable, download directly from Intel,” Intel says.
| Advisories | Advisory Number |
|---|---|
| Intel DSA Advisory | INTEL-SA-00449 |
| Intel Board ID Tool Advisory | INTEL-SA-00447 |
| Intel Quartus Prime Advisory | INTEL-SA-00446 |
| Intel Server Board S2600ST & S2600WF Advisory | INTEL-SA-00439 |
| Intel Battery Life Diagnostic Tool Advisory | INTEL-SA-00431 |
| Intel Data Center Manager Console Advisory | INTEL-SA-00430 |
| Intel XTU Advisory | INTEL-SA-00429 |
| Intel CSI2 Host Controller Advisory | INTEL-SA-00427 |
| Open WebRTC Toolkit Advisory | INTEL-SA-00424 |
| Intel VTune Profiler Advisory | INTEL-SA-00423 |
| Intel Thunderbolt DCH Drivers for Windows Advisory | INTEL-SA-00422 |
| Intel HID Event Filter Driver Advisory | INTEL-SA-00421 |
| Intel QAT for Linux Advisory | INTEL-SA-00420 |
| Intel Processor Identification Utility Advisory | INTEL-SA-00419 |
| Intel Unite Cloud Service Client Advisory | INTEL-SA-00418 |
| Intel Advisor tools Advisory | INTEL-SA-00417 |
| Intel Falcon 8+ UAS AscTec Thermal Viewer Advisory | INTEL-SA-00416 |
| Intel ADAS IE Advisory | INTEL-SA-00415 |
| Intel NUC Firmware Advisory | INTEL-SA-00414 |
| Intel SCS Add-on for Microsoft* Advisory | INTEL-SA-00413 |
| Intel EMA Advisory | INTEL-SA-00412 |
| Intel Computing Improvement Program Advisory | INTEL-SA-00410 |
| Intel High Definition Audio Advisory | INTEL-SA-00409 |
| Intel RealSense D400 Series Dynamic Calibration Tool Advisory | INTEL-SA-00408 |
| Intel Wireless Bluetooth Advisory | INTEL-SA-00403 |
| Intel PROSet/Wireless WiFi Software Advisory | INTEL-SA-00402 |
| Intel 50GbE IP Core for Intel Quartus Prime Advisory | INTEL-SA-00400 |
| Intel SGX DCAP Software Advisory | INTEL-SA-00398 |
| 2020.2 IPU – Intel CSME, SPS, TXE, and AMT Advisory | INTEL-SA-00391 |
| Intel BIOS Platform Sample Code Advisory | INTEL-SA-00390 |
| 2020.2 IPU – Intel RAPL Interface Advisory | INTEL-SA-00389 |
| Intel Stratix 10 FPGA SDM for Intel Quartus Prime Pro Advisory | INTEL-SA-00388 |
| 2020.2 IPU – Intel Processor Advisory | INTEL-SA-00381 |
| Intel Ethernet 700 Series Controller Advisory | INTEL-SA-00380 |
| Intel Visual Compute Accelerator 2 Advisory | INTEL-SA-00368 |
| Intel SSD Advisory | INTEL-SA-00362 |
| Intel PMC Advisory | INTEL-SA-00360 |
| 2020.2 IPU – BIOS Advisory | INTEL-SA-00358 |
| Intel Unite Client Advisory | INTEL-SA-00350 |
| Intel Media SDK for Windows* Advisory | INTEL-SA-00262 |
“Intel coordinated today’s disclosure across the ecosystem to help ensure Original Equipment Manufacturers (OEMs) have updates available for end customers,” Intel’s Director of Communications Jerry Bryant said.
“At this time, we are not aware of any of these issues being used in actual attacks,” Bryant added.
To read the original article: