Thought you were done patching this week? Not if you're using an Intel-powered PC or server
Here comes Chipzilla with a big bunch of security fixes for graphics drivers, server and workstation firmware, and more
Hot on the heels of this month's security updates from Microsoft, Adobe, and SAP, Intel has kicked out a batch of its own bug patches.
Chipzilla's March patch dump is highlighted by fixes for 19 CVE-listed vulnerabilities in its graphics drivers for Windows. If you use Windows and have those drivers (and if you're running an Intel CPU with integrated GPU, you almost certainly do) you will want to patch sooner rather than later.
All of the flaws require local access to exploit, so users will only be in danger if a miscreant is already running code on your machine, at which point you would already be in a pretty bad spot. Some also require the compromised or rogue user account to be an administrator, further reducing the potential harm inflicted through these bugs – because if you're a malicious user or malware with admin rights, you can already go fill your boots.
Among the most serious flaws addressed in the update, according to Intel, are CVE-2018-12214 and CVE-2018-12216, both in the kernel-mode driver, though they require the attacker to have privileged access to exploit them.
The 12214 bug is a memory corruption error, while the 12216 flaw is due to insufficient input validation. If exploited, both would potentially allow code execution at the operating system kernel level. A third vulnerability, CVE-2018-12220, could also allow code execution, but is considered a low security risk as it is much more difficult to exploit.
Also of note is CVE-2018-12223, a virtual machine escape flaw stemming from bad access controls in the User Mode Driver. A successful exploit of that bug would allow the user of a VM to get access to the host machine on their local server.
Denial of service errors accounted for six of the bugs: CVE-2018-12211, CVE-2018-12212, CVE-2018-12213, CVE-2018-12215, CVE-2018-18090, CVE-2018-18091. As the description would suggest, those flaws potentially allow for a crash if exploited, and are classified as either low or medium exploit risks.
The remainder of the patched vulnerabilities cover information disclosure issues. For the most part, these would be considered low-risk problems as the attacker would need to have local access to the target machine. Those flaws would mostly allow the malicious user to view things such as device configuration information or read memory contents. These are also considered low to medium security risks.
Users and admins will be able to patch all of the bugs by updating to the latest available versions of Intel Graphics Driver for their processors, available here.
But wait, there's more
Finally, there are a bunch of other security fixes out this week for more Chipzilla products.
Most notable is a load of updates to address vulnerabilities in Intel's CSME, Server Platform Services, Trusted Execution Engine, and Active Management Technology firmware and software. These holes can, for instance, be exploited by anyone with physical access to a vulnerable box to execute code at the motherboard firmware level or thereabouts, increase their privileges, read data, and cause other mischief.
Some of the bugs require a compromised or rogue user to be logged in with admin rights to exploit, and some require no authentication at all beyond physical access.
These vulnerabilities are rather nasty because they lie within the hidden motherboard firmware used by IT pros to manage office PCs, workstations, and servers remotely. This technology appears in a range of Intel processors, though, from Core desktop to Xeon data-center parts, so whether you're a home user or office worker, your system may be affected.
Don't start panicking, please, because, as we said, someone either needs to, in some cases, physically get hold of your machine to attack it, or they need to have admin rights on the box anyway. These vulnerabilities are mostly useful for infiltrating high-value espionage targets, where a spy wishes to lurk in an internal network for a while without detection.
Intel's vulnerable technology runs beneath the operating system and any antivirus packages, and thus compromising these components can potentially compromise the entire box without anyone noticing, allowing the intruder to silently spy on victims, siphon off documents, and tamper with data. We've written about this sort of threat a lot, for example, here.
Here's a rundown of these latest system firmware-level patches:
- CVE-2018-12188: Intel Converged Security and Management Engine (CSME) or Trusted Execution Engine (TXE): An unauthenticated user can potentially modify data via physical access.
- CVE-2018-12189: Content Protection subsystem of CSME or TXE: A privileged user can potentially modify data via local access.
- CVE-2018-12190: CSME or TXE: A privileged user can potentially execute arbitrary code via local access.
- CVE-2018-12191: CSME or TXE: An unauthenticated user can potentially execute arbitrary code via physical access.
- CVE-2018-12192: CSME or Server Platform Services: An unauthenticated user can potentially bypass MEBx authentication via physical access.
- CVE-2018-12199: CSME or TXE: A privileged user can potentially execute arbitrary code via physical access.
- CVE-2018-12198: Server Platform Services: A privileged user can potentially cause a denial of service via local access.
- CVE-2018-12208: HECI subsystem in CSME, TXE, or Server Platform Services: An unauthenticated user can potentially execute arbitrary code via physical access.
- CVE-2018-12200: Capability Licensing Service: An unprivileged user can potentially escalate privileges via local access.
- CVE-2018-12187: Active Management Technology (AMT): An unauthenticated user can potentially cause a denial of service via network access.
- CVE-2018-12196: AMT in CSME: A privileged user can potentially execute arbitrary code via local access.
- CVE-2018-12185: AMT in CSME: An unauthenticated user can potentially execute arbitrary code via physical access.
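For patch triage, the bullets above can be parsed into records and ordered by how reachable each bug is. The following is an added example, not code from the article or from Intel; the ranking (network before local before physical, then fewer required privileges first) is an assumption modelled on the CVSS attack-vector and privileges-required ideas, and the function names are hypothetical.

```python
import re

# Five bullets copied from the list above (a subset, to keep the example short).
ADVISORY = """\
- CVE-2018-12188: Intel Converged Security and Management Engine (CSME) or Trusted Execution Engine (TXE): An unauthenticated user can potentially modify data via physical access.
- CVE-2018-12200: Capability Licensing Service: An unprivileged user can potentially escalate privileges via local access.
- CVE-2018-12187: Active Management Technology (AMT): An unauthenticated user can potentially cause a denial of service via network access.
- CVE-2018-12196: AMT in CSME: A privileged user can potentially execute arbitrary code via local access.
- CVE-2018-12185: AMT in CSME: An unauthenticated user can potentially execute arbitrary code via physical access.
"""

# Assumed ranking (not Intel's): easier reach and fewer privileges sort first.
VECTOR_RANK = {"network": 3, "local": 2, "physical": 1}
ACTOR_RANK = {"unauthenticated": 3, "unprivileged": 2, "privileged": 1}

# "<CVE>: <component>: [A|An] <actor> user can potentially <impact> via <vector> access."
# Tolerates a missing article and "to" in place of "can".
LINE = re.compile(
    r"^- (?P<cve>CVE-\d{4}-\d{4,}): (?P<component>.+): "
    r"(?:An? )?(?P<actor>unauthenticated|unprivileged|privileged) user "
    r"(?:can|to) potentially (?P<impact>.+) via "
    r"(?P<vector>network|local|physical) access\.$",
    re.IGNORECASE,
)

def parse(text):
    """Turn advisory bullets into dicts; fail loudly on a line that does not fit."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if m is None:
            # A silently skipped bullet is a silently skipped patch.
            raise ValueError(f"unrecognised advisory line: {line!r}")
        rec = m.groupdict()
        rec["actor"], rec["vector"] = rec["actor"].lower(), rec["vector"].lower()
        records.append(rec)
    return records

def triage(records):
    """Order by exposure: attack vector first, then privilege the attacker needs."""
    key = lambda r: (VECTOR_RANK[r["vector"]], ACTOR_RANK[r["actor"]])
    return sorted(records, key=key, reverse=True)

if __name__ == "__main__":
    for r in triage(parse(ADVISORY)):
        print(f'{r["cve"]}  {r["vector"]:<8} {r["actor"]:<15} {r["component"]}: {r["impact"]}')
```

Under this ordering the network-reachable AMT bug comes first, and the unauthenticated physical-access bugs sort last even though they need no credentials, so fleets of laptops that leave the building may want to weight the physical vector higher.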
Check the above advisories for affected version numbers, then fetch and apply these updates from your computer's manufacturer as required. ®