Intel Patch Tuesday for August 2019 addressed
One of the flaws addressed by Intel, tracked as CVE-2019-11140, is an insufficient session validation vulnerability that could be exploited by attackers for privilege escalation, information disclosure and denial-of-service (
“Description: Insufficient session validation in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service
The vulnerability was not rated as critical because it requires local access to the targeted device for the exploitation.
Intel also addressed an insufficient access control issue
“Insufficient access control in a hardware abstraction driver for Intel(R) Processor Identification Utility for Windows before version 6.1.0731 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.” reads the security advisory.
The third high-severity vulnerability addressed by Intel resides in the Intel Computing Improvement Program.
“Insufficient access control in hardware abstraction in SEMA driver for Intel
Intel also fixed other flaws with minor severity in other components such as the RWC2, Intel Authenticate, Driver & Support Assistant, and the Remote Displays SDK.
The US CISA Agency also published an advisory to urge users to apply the security updates released by Intel.
“Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine.” states the advisory.
“The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates”