Intel has discovered a host of serious firmware vulnerabilities

Flaws could allow for DoS attacks and privilege escalation

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Intelsays it has discovered 16 new BIOS vulnerabilities that could allow cybercriminals to circumvent cybersecurity solutions in theoperating systemand access sensitive data. Furthemore, it would allow them to launch Denial of Service, as well as Privilege Escalation attacks on the local endpoint.

These flaws lead back to a wide variety of bugs found in the BIOS firmware, such as insufficient control flow management, out-of-bounds write problems, buffer overflow, improper input validation, pointer issues, default permissions, or access control issues.

According to the company’s security bulletin, models from the 6th to the 11th-Gen Core processors are affected, as well as Xeon products from the W, E and D series.

Physical access needed

Of the 16 vulnerabilities found, 10 have been described as “high severity”, three are “medium” severity, and one is “low” severity.

The good news about all of these flaws is that they require physical access to the device in order to be leveraged. While that’s good news for businesses that hold their endpoints in a secure location, it could spell trouble for professionals withbusiness laptopsormobile workstations.

The best way to go about these bugs is to “update to the latest versions provided by the system manufacturer that addresses these issues”, Intel says, without saying if the updates are yet available or not. As far as we know, Intel will be releasing firmware updates to mitigate these flaws, but no concrete roadmap is yet published.

This dangerous Intel CPU vulnerability could allow attackers to break into your laptop>Intel claims its CPUs have fewer new security bugs than AMD>Intel, Lenovo and more hit by major BIOS security flaws

Here is the full list of the affected products:

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Via:Tom’s Hardware

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)