News

Intel released August patches and updated firmware for NUC

Photo of William Reddy William ReddyAugust 20, 2019
0 72 1 minute read
Intel released August patches

Intel released the August patch set, including removing a vulnerability in several NUC Kit models that could be used to elevate privileges, DoS attacks, or disclose information.

What is worse, the problem affected not only the NUC Kit, but also the Compute Card and Compute Stick, all working with the same BIOS. Thus, the vulnerability is a danger to the following models:

  1. Intel NUC Kit NUC7i7DNx;
  2. Intel NUC Kit NUC7i5DNx;
  3. Intel NUC Kit NUC7i3DNx;
  4. Intel Compute Stick STK2MV64CC;
  5. Intel Compute Card CD1IV128MK.

The vulnerability was assigned the number CVE-2019-11140, and it is rated at 7.5 points out of 10 on the CVSS scale. Fortunately, exploitation of the problem is possible only if the attacker has local privileged access in the system.

Read also: Researchers discover dangerous DoS vulnerabilities in HTTP / 2 implementation

Another major issue was fixed with Processor Identification for Windows (a free tool that allows users to get detailed information about their Intel processor).

Related Articles

The bug received the identifier CVE-2019-11163 and a severity level of 8.2 points out of 10 possible. This vulnerability allowed increasing privileges, carrying out a DoS attack or disclosing information.

“The bug has a severity score of 8.2. Despite being slightly more severe, local access is necessary for exploitation. This weakness comes from insufficient access control in a hardware abstraction driver and it exists in software versions before 6.1.0731”, — note in the company.

A similar vulnerability was found in the Computing Improvement Program (CVE-2019-11162), but local access and authentication were also required to take advantage of it.

In addition, this month Intel developers eliminated a number of less dangerous problems in their products:

  1. all versions of Raid Web Console 2 were affected by CVE-2019-0173. Now the manufacturer recommends uninstalling this version and upgrading to RAID Web Console 3 version 7.009.011.000 or later;
  2. Intel Authenticate found a medium severity vulnerability (CVE-2019-11143) that could lead to privilege escalation;
  3. Intel Driver & Support Assistant fixed a medium severity vulnerability (CVE-2019-11145), which could also be used to elevate privileges (but required local access);
  4. Intel Remote Displays SDK fixed the medium severity vulnerability (CVE-2019-11148), which could also be used to increase privileges.

Tags
Photo of William Reddy William ReddyAugust 20, 2019
0 72 1 minute read
Photo of William Reddy

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several month after I have got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after being graduated from the school. This French educational institution was offering a brand-new cybersecurity course. After getting the master degree in cybersecurity, I've started working in as virus analyst in a little anti-malware vendor. In 2018, I've decided to start Virus Removal project. The main target of this site is to help people to deal with PC viruses of any kind.
Leave a Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

Back to top button