Intel addresses High-Severity flaws in NUC Firmware and other tools

Pierluigi Paganini August 18, 2019

Intel released security updates to address high-severity vulnerabilities in NUC firmware, the Processor Identification Utility, and the Computing Improvement Program.

Intel Patch Tuesday for August 2019 addressed high-severity vulnerabilities in NUC firmware, Processor Identification Utility, and Computing Improvement Program.

One of the flaws addressed by Intel, tracked as CVE-2019-11140, is an insufficient session validation vulnerability that could be exploited by attackers for privilege escalation, information disclosure and denial-of-service (DoS) attacks.

“Description: Insufficient session validation in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.” reads the security advisory published by Intel.

The vulnerability was not rated as critical because exploitation requires local access to the targeted device.

Intel also addressed an insufficient access control issue, tracked as CVE-2019-11163, affecting the Intel Processor Identification Utility for Windows. Exploitation requires authentication to the targeted system.

“Insufficient access control in a hardware abstraction driver for Intel(R) Processor Identification Utility for Windows before version 6.1.0731 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.” reads the security advisory.

The third high-severity vulnerability addressed by Intel resides in the Intel Computing Improvement Program.

“Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.” reads the advisory published by Intel.

Intel also fixed flaws of minor severity in other components, such as the RWC2, Intel Authenticate, Driver & Support Assistant, and the Remote Displays SDK.

The US Cybersecurity and Infrastructure Security Agency (CISA) also published an advisory urging users to apply the security updates released by Intel.

“Intel has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to gain an escalation of privileges on a previously infected machine.” states the advisory.

“The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Intel advisories and apply the necessary updates”
