Security
Determine security ramifications to protect personal data and information
104 Discussions

IPAS: Security Advisories for February 2020

IPAS_Security
Employee
0 0 1,301
feb2020sas.jpg

Hello again,

Today we are releasing 6 Security Advisories as part of our regular monthly update process. The bulk of the issues being addressed were reported through our Bug Bounty Program.

Among our updates this month is an internally found issue in Intel® CSME that could potentially allow information disclosure via local access. Intel has worked with industry partners to integrate the mitigations for this issue into their products ahead of public disclosure, and we recommend customers download the update from their system provider as soon as possible.

Click HERE for a list of computer manufacturer support sites.

The table below is the full list of new advisories this month. We recommend customers review these advisories to assess impact in their environment and apply the mitigations. At this time, we are not aware of any of these issues being exploited in the wild.













































Security Advisory IDTitleCVE’sCVSS
INTEL-SA-00307Intel® CSME AdvisoryCVE-2019-145988.2
INTEL-SA-00273Intel® Renesas Electronics® USB 3.0 Driver AdvisoryCVE-2020-05606.7
INTEL-SA-00339Intel® RWC2 AdvisoryCVE-2020-05626.7
INTEL-SA-00340Intel® MPSS AdvisoryCVE-2020-05636.7
INTEL-SA-00341Intel® RWC3 AdvisoryCVE-2020-05646.7
INTEL-SA-00336Intel® SGX SDK AdvisoryCVE-2020-05612.5

 

For a full list of Intel security advisories, go to: www.intel.com/security.

Our next regularly scheduled security advisory release is March 10, 2020. Please check back here at that time for another update.

Thanks,

Jerry Bryant
Director of Communications
Intel Product Assurance and Security
About the Author
Intel Product Assurance and Security (IPAS) is designed to serve as a security center of excellence – a sort of mission control – that looks across all of Intel. Beyond addressing the security issues of today, we are looking longer-term at the evolving threat landscape and continuously improving product security in the years ahead.