Intel has announced a slew of firmware bugs, which could allow endpoints such as data center servers, workstations, mobile devices, and storage products to be compromised.
Bugs, first reported by The registercan allow malicious actors to leak information and elevate their privileges, and have been labeled by Intel as “high severity”.
A full list of products the vulnerabilities can affect can be found here, which includes 10th Gen Intel Core processors and Intel Core X-series processors.
What should users do?
Intel recommends that users of affected processors update to the latest versions provided by their system manufacturer to resolve these issues.
Unfortunately, the above wasn’t the only set of bugs Intel was able to announce.
A potential security vulnerability in Intel processors that could allow information disclosure was also announced, although it was only rated as “low severity” by Intel.
Intel said “Observable behavioral differences in certain Intel processors may allow an authorized user to potentially enable information disclosure via local access.”
The bug could potentially affect all Intel processor families according to the hardware giant.
Intel recommends that any affected product use the LFENCE instruction “after loads that must observe writes from another thread to the same shared memory address”.
Firewalls alone may not be enough in the current climate, it’s not just Intel that has potential hardware security vulnerabilities floating around.
Academic researchers have demonstrated a successful attack strategy to circumvent the protections provided by AMD’s renowned Secure Encrypted Virtualization (SEV) technology.
Anyone wishing to discover more bugs and have information about a security issue or vulnerability with an Intel-branded product or technology can email it to [email protected], after encrypting sensitive information at using their PGP public key.
The demand for greater hardware security is there according to Intel’s own research.
The survey, based on interviews with 1,406 people in the United States, Europe, the Middle East, Africa and Latin America, found that 75% of respondents expressed interest in material approaches to security, while 40% expressed interest in “security at a silicon level”.
Through the registry