Patchday: Intel closes critical gap with top rating, among other things
The chip manufacturer is solving several security problems in various products. These include the UEFI firmware of servers and an AI tool.
(Image: AFANASEV IVAN/Shutterstock.com)
Attackers can attack Intel products and gain higher user rights. In such positions, further attacks are conceivable. In order to protect systems, the chip manufacturer has now released a whole host of security updates for Neural Compressor software and various firmwares and drivers, among other things.
Critical security vulnerability
According to a warning message, the most dangerous is a"critical" vulnerability (CVE-2024-22476) with the highest score (CVSS score 10 out of 10) in the AI tool Neural Compressor Software. Because data is not sufficiently verified, remote attackers can use certain requests to exploit the vulnerability without authentication and thus gain greater user rights. The chip manufacturer is not currently explaining how such an attack could take place.
Due to the critical classification, it can be assumed that systems will subsequently be completely compromised. The developers state that they have closed the vulnerability in version 2.5.0.
Further dangers
The majority of vulnerabilities in the UEFI firmware of servers, Secure Device Manager and Thunderbolt, among others, are classified as"high". Attackers can use the gaps to launch DoS attacks or access data that is actually protected.
There are even more security gaps in Chipset Device Software, Media SDK and VTUne Profiler. DoS attacks can also occur here and information can be leaked.
A complete list of the vulnerabilities, including the secured issues, is too extensive for this report. Admins should therefore look around the security section of the Intel website to find the relevant entries and install the security updates.
(des)