0
0
1,301
Hello again,
Today we are releasing 6 Security Advisories as part of our regular monthly update process. The bulk of the issues being addressed were reported through our Bug Bounty Program.
Among our updates this month is an internally found issue in Intel® CSME that could potentially allow information disclosure via local access. Intel has worked with industry partners to integrate the mitigations for this issue into their products ahead of public disclosure, and we recommend customers download the update from their system provider as soon as possible.
Click HERE for a list of computer manufacturer support sites.
The table below is the full list of new advisories this month. We recommend customers review these advisories to assess impact in their environment and apply the mitigations. At this time, we are not aware of any of these issues being exploited in the wild.
Security Advisory ID | Title | CVE’s | CVSS |
INTEL-SA-00307 | Intel® CSME Advisory | CVE-2019-14598 | 8.2 |
INTEL-SA-00273 | Intel® Renesas Electronics® USB 3.0 Driver Advisory | CVE-2020-0560 | 6.7 |
INTEL-SA-00339 | Intel® RWC2 Advisory | CVE-2020-0562 | 6.7 |
INTEL-SA-00340 | Intel® MPSS Advisory | CVE-2020-0563 | 6.7 |
INTEL-SA-00341 | Intel® RWC3 Advisory | CVE-2020-0564 | 6.7 |
INTEL-SA-00336 | Intel® SGX SDK Advisory | CVE-2020-0561 | 2.5 |
For a full list of Intel security advisories, go to: www.intel.com/security.
Our next regularly scheduled security advisory release is March 10, 2020. Please check back here at that time for another update.
Thanks,
Jerry Bryant
Director of Communications
Intel Product Assurance and Security
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
About the Author
Intel Product Assurance and Security (IPAS) is designed to serve as a security center of excellence – a sort of mission control – that looks across all of Intel. Beyond addressing the security issues of today, we are looking longer-term at the evolving threat landscape and continuously improving product security in the years ahead.