
OpenSSL vulnerability - CVE-2022-3602/CVE-2022-3786

JasperKimmel
Novice
8,892 Views

Hi,

While scanning our Windows computers for a possible OpenSSL vulnerability known as CVE-2022-3602 or CVE-2022-3786, we found that the Intel(R) System Usage Report Service is using OpenSSL 3.0.2. This version of OpenSSL is vulnerable and is mainly found in the file C:\Program Files\Intel\SUR\QUEENCREEK\x64\libcrypto-3-x64.dll

Is this a known issue at Intel and has a fix already been released?
If so, please inform me of Intel's statement about this vulnerability and how to fix this (if necessary).

If not, can we disable this Windows service in the meantime without any issues?

Regards,

Jasper Kimmel


12 Replies
DeividA_Intel
Employee
8,775 Views

Hello JasperKimmel,

Thank you for posting on the Intel® communities. I am sorry to know that you are having issues related to a vulnerability.

In order to better assist you, please provide the following:

1. What is the brand and model name of your processor?

2. What is the brand and model name of your motherboard (if desktop) or laptop and its BIOS version?

3. What is the Windows version and build?

Regards,

Deivid A.

Intel Customer Support Technician
JasperKimmel
Novice
8,437 Views

Hi @DeividA_Intel,

I have a Microsoft Surface with Intel components (see attached image for the details of my system). I installed the Intel Driver Support Assistant (IDSA) and use this to keep my Intel drivers and components up to date. The vulnerable DLL is either part of the IDSA or part of one of the Intel drivers.

Regards,

Jasper Kimmel

0 Kudos
splendidprofessional
8,710 Views

While scanning our Windows computers for a possible OpenSSL vulnerability known as CVE-2022-3602 or CVE-2022-3786, we found that the Intel(R) System Usage Report Service is using OpenSSL 3.0.2. This version of OpenSSL is vulnerable and is mainly found in the file C:\Program Files\Intel\SUR\QUEENCREEK\x64\libcrypto-3-x64.dll

Is this a known issue at Intel and has a fix already been released?
If so, please inform me of Intel's statement about this vulnerability and how to fix this (if necessary).

1. What is the brand and model name of your processor?

Intel(R) Core(TM) i5-1035G7 CPU @ 1.20GHz

2. What is the brand and model name of your motherboard (if desktop) or laptop and its BIOS version?

Microsoft motherboard.

3. What is the Windows version and build?

Windows 10 Enterprise edition (x64)

10.0.19044

19044.1806
DeividA_Intel
Employee
8,606 Views

Hello @splendidprofessional,

Thanks for your response, however, I would like to know if you are facing the same issue as JasperKimmel or if you are replying on behalf of JasperKimmel.

@JasperKimmel, please let me know if you are working with splendidprofessional to make sure that I can proceed with the info provided by splendidprofessional or if we have the same issue but with different users.

I am sorry for the inconvenience.

Regards,

Deivid A.

Intel Customer Support Technician
JasperKimmel
Novice
8,439 Views

Hi @DeividA_Intel,

@splendidprofessional is facing the same issue because I'm not familiar with this person.

chris-jnctn
Beginner
8,484 Views

Hi, I'm having the same issue. Microsoft 365 Defender is reporting the same issue. See the attached screenshot.

Screenshot 2022-11-14 173225.png

1. What is the brand and model name of your processor?

Intel(R) Core(TM) i5-10210U CPU @ 1.60GHz

2. What is the brand and model name of your motherboard (if desktop) or laptop and its BIOS version?

Model NUC10i5FNH, Bios FNCML357.0058.2022.0720.1011

3. What is the Windows version and build?

Microsoft Windows 10 Enterprise - 10.0.19045

0 Kudos
sharkie
Beginner
8,350 Views

Hi

I've also seen this issue.

Nothing to do with motherboard or BIOS or processor.

The issue is the driver software is using OpenSSL and

CVE-2022-3602 and CVE-2022-3786

Any Intel-based laptop I have is reporting this issue.

So, Intel, WHEN are you going to update your driver software to patch this issue?

See below

sharkie_0-1668473807716.png

 

 

 

Executive summary
On October 25, 2022, OpenSSL announced the release of OpenSSL version 3.0.7, which will address a critical security issue. OpenSSL version 3.0.7 became generally available on November 1st 2022. The security issue has since been downgraded from a Critical rating to a High severity rating.

The vulnerability is a denial-of-service for systems that support client certificate-based authentication. An attacker could send a maliciously crafted certificate to a server that parses certificates as part of client authentication and crash the server. At the time of this report, the vulnerability does not appear to allow Remote Code Execution (RCE), however OpenSSL states in their advisory that since their codebase is distributed as source code, some product implementations might have implemented the code in such a way that RCE could be triggered on some platforms. However they do state that exposure to remote code execution is not expected on any platforms.

The only known mitigation at the time of this report is to upgrade to OpenSSL version 3.0.7. Customers can track their exposure and patching status once the patch and CVE are released using Microsoft Defender Vulnerability Management, by navigating to the Endpoints Exposure tab of the report.

For more information about impacted Microsoft products, please see the following MSRC blog.

Analysis
The denial-of-service (DoS) vulnerability stems from a buffer overflow which can be triggered in name constraint checking when OpenSSL does X.509 certificate validation. The buffer overflow occurs after certificate chain validation and requires a Certificate Authority to sign a malicious certificate – which is not unlikely – or for an application to continue certificate validation, despite failing to construct a certificate chain to a trusted issuer.

Attackers exploit the vulnerability by crafting a malicious email address containing the '.' character in the X.509 certificate to cause an overflow of an arbitrary number of bytes. This could result in a crash and cause a Denial of Service.

This impacts both TLS clients and servers. For a client, the vulnerability could be triggered by connecting to a malicious server. For a server, it can be triggered if the server requests client certificate authentication and a client with a maliciously configured certificate connects to the server.

Mitigation
Apply the following mitigation to reduce the impact of this threat. Check the recommendations card for the deployment status of monitored mitigations.

Upgrade to OpenSSL version 3.0.7 as soon as it is available

Reference
Attack Surface: CVE-2022-3602 - OpenSSL 3 Buffer Overflow on Certificate Validation of Email Address. Microsoft Defender Threat Intelligence (accessed 11-01-2022)
CVE-2022-3786 and CVE-2022-3602: X.509 Email Address Buffer Overflows. OpenSSL.org (accessed 11-01-2022)
OpenSSL version 3.0.7 published. OpenSSL.org (accessed 11-01-2022)
https://www.openssl.org/news/secadv/20221101.txt. OpenSSL.org (accessed 11-01-2022)
Forthcoming OpenSSL Releases. OpenSSL.org (accessed 10-31-2022)

Change log
2022-11-01 16:55 UTC | Updated vulnerability details
2022-10-31 19:00 UTC | Entry created

JasperKimmel
Novice
8,334 Views

I agree with @sharkie on this. It has nothing to do with hardware. Instead, it has everything to do with software provided by Intel. The only reason why I posted my message in the processor support forum is that there is no support forum related to software.

@DeividA_Intel: Please escalate this issue to your security team and urge them to update this particular driver or tool.
DeividA_Intel
Employee
8,291 Views

Hello JasperKimmel,

Thanks, JasperKimmel and everyone for the information provided.

I will proceed to check the issue internally and post back soon with more details.

Best regards,

Deivid A.

Intel Customer Support Technician


DeividA_Intel
Employee
8,180 Views

Hello JasperKimmel,

Thanks for your patience. Based on the investigation, this issue seems related to the Intel® Computing Improvement Program (Intel® CIP).

As a test, please uninstall the tool and let me know if the issue persists.

Steps: locate the Intel® Computing Improvement Program (Intel® CIP) in the Control Panel -> Programs and uninstall it. Uninstalling will remove the .exe files and DLLs and the Intel CIP service should not run anymore, stopping the error messages.

Also, I recommend you report the vulnerability by following this article:

@splendidprofessional @chris-jnctn @sharkie, I recommend you follow these steps or open a new thread so you all can get proper support.

Best regards,

Deivid A.

Intel Customer Support Technician

JasperKimmel
Novice
8,139 Views

Thanks @DeividA_Intel. I removed the software and the vulnerability was not found anymore. I also dropped a mail to Intel's Security Center.
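
A re-check of the kind confirmed above, as an added example that is not part of the original thread or any Intel or Microsoft tooling: it walks a directory tree, reads the version banner that OpenSSL compiles into libcrypto, and flags builds from 3.0.0 through 3.0.6 (the affected range in the OpenSSL advisory; 3.0.7 is the fixed release named in this thread). Matching on the banner string is a heuristic assumed here, and the sample DLLs in `demo()` are constructed byte strings, not real libraries.

```python
import fnmatch
import os
import re
import tempfile

# Banner compiled into libcrypto, e.g. b"OpenSSL 3.0.2 15 Mar 2022".
BANNER = re.compile(rb"OpenSSL (\d+)\.(\d+)\.(\d+)[a-z]? ")
# Affected range per the OpenSSL advisory of 2022-11-01: 3.0.0 through 3.0.6.
FIRST_AFFECTED, FIRST_FIXED = (3, 0, 0), (3, 0, 7)

def openssl_version(path):
    """Return (major, minor, patch) from the embedded banner, or None."""
    try:
        with open(path, "rb") as fh:
            match = BANNER.search(fh.read())
    except OSError:  # file locked by a running service, or access denied
        return None
    return tuple(int(g) for g in match.groups()) if match else None

def is_affected(version):
    return version is not None and FIRST_AFFECTED <= version < FIRST_FIXED

def scan(root):
    """Return sorted (relative path, version, affected) for each libcrypto DLL."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):  # unreadable dirs are skipped
        for name in files:
            if fnmatch.fnmatch(name.lower(), "libcrypto*.dll"):
                full = os.path.join(dirpath, name)
                ver = openssl_version(full)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                findings.append((rel, ver, is_affected(ver)))
    return sorted(findings)

def demo():
    """Scan a constructed tree of stand-in files (not real libraries)."""
    samples = {
        "Intel/SUR/QUEENCREEK/x64/libcrypto-3-x64.dll": b"OpenSSL 3.0.2 15 Mar 2022",
        "VendorA/libcrypto-3-x64.dll": b"OpenSSL 3.0.7 1 Nov 2022",
        "VendorB/libcrypto-1_1-x64.dll": b"OpenSSL 1.1.1q  5 Jul 2022",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, banner in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path))
            with open(path, "wb") as fh:
                fh.write(b"MZ\x00\x00" + banner + b"\x00")
        return scan(root)
```

On a real endpoint, `scan(r"C:\Program Files")` returns one row per libcrypto DLL; a version of `None` means no banner was readable and the file needs a manual look.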

DeividA_Intel
Employee
8,072 Views

Hello JasperKimmel,

Thanks for the confirmation. I am glad to know that the issue is no longer present after you uninstalled the Intel® Computing Improvement Program (Intel® CIP).

Since the issue was solved, I will proceed to close this thread. However, you can open a new one in case you need further support or if you encounter any future issues.

Regards,

Deivid A.

Intel Customer Support Technician