IPAS: November 2019 Intel Platform Update (IPU)

Hi everyone,

Welcome to our new security blog which will serve as a resource for security updates, bug bounty topics, new security research, and engagement activities within the security research community.

It is the second Tuesday of November 2019 and like many others in the industry, Intel is releasing security advisories as part of a regular monthly cadence. The video below provides a short overview:

The bulk of the advisories this month are for issues found internally by Intel and are part of the Intel Platform Update (IPU) process. Through the IPU, which we coordinate two to three times each year, we combine the delivery of security and functional updates with the goal of enhancing our ecosystem partners’ ability to validate and release updates for their products on a timely and predictable cadence. This requires a great deal of cross-industry collaboration as we work with almost 300 organizations to prepare and coordinate the release of these updates.

Industry collaboration is a key and strategic component to how we seek to lead in hardware security innovation. Every day we collaborate with the leading operating system, hypervisor, and cloud services providers, to work on microarchitectural solutions that have impact on a global scale. In some cases, as in INTEL-SA-00210, an issue in hardware can most efficiently be addressed at the software layer. It is truly amazing when companies, some of which may be competitors in the global market place, can work together on solutions that benefit the entire ecosystem. Today, other organizations are releasing their own advisories in conjunction with ours, providing software updates for an issue found internally by Intel. More information can be found here.

“67 of the 77 vulnerabilities we are addressing were internally found by Intel”

Intel is heavily invested in both industry collaboration and in conducting security research into our own products. As a result, while we are addressing 77 vulnerabilities this month, 67 were discovered internally through our own testing, validation and analysis. We believe that assigning CVE ID’s and publicly documenting internally found vulnerabilities helps our customers to accurately assess risk, prioritize, and deploy updates. By the time you are reading this blog post, mitigations for many of these issues will have already been propagated throughout the ecosystem through the IPU process. At the same time, the external researchers who reported the remaining issues to us have all been good partners in working with us on coordinated vulnerability disclosure (CVD).

In the table, updates are ordered from highest overall severity rating to lowest to give you a sense of how to prioritize deployment. In the Intel Management Engine category (CSME, SPS, TXE, and AMT), 22 of the 24 CVE’s were found internally including CVE-2019-0169 which has a CVSS score of 9.6 (critical). We recommend you check with your system manufacturers and operating system vendors to determine how to obtain these updates.

Advisory ID Title Internally Found CVSS Range
INTEL-SA-00241 Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL Advisory 22 of 24 2.3 – 9.6
INTEL-SA-00313 Intel® BMC Advisory 12 of 12 3.7 – 9.0
INTEL-SA-00255 Intel® Ethernet 700 Series Controllers Advisory 10 of 11 5.6 – 8.8
INTEL-SA-00242 Intel® Graphics Driver for Windows* Advisory 5 of 8 4.0 – 8.8
INTEL-SA-00287 Intel® WIFI Drivers and Intel® PROSet/Wireless WiFi Software extension DLL Advisory 3 of 3 8.2 – 8.7
INTEL-SA-00288 Intel® PROSet/Wireless WiFi Software Security Advisory 3 of 3 5.3 – 8.5
INTEL-SA-00220 Intel® SGX and TXT Advisory 2 of 2 8.2 – 8.2
INTEL-SA-00240 Intel® CPU Security Advisory 2 of 2 7.5 – 8.2
INTEL-SA-00293 Intel® SGX Advisory 1 of 2 7.0 – 7.8
INTEL-SA-00280 IPU UEFI Advisory 1 of 2 7.5 – 7.5
INTEL-SA-00309 Nuvoton* CIR Driver for Windows® 8 for Intel® NUC Advisory 0 of 1 6.7
INTEL-SA-00210 Intel® Processor Machine Check Error Advisory 1 of 1 6.5
INTEL-SA-00260 Intel® Processor Graphics Update Advisory 1 of 1 6.5
INTEL-SA-00270 TSX Transaction Asynchronous Abort Advisory 0 of 1 6.5
INTEL-SA-00164 Intel® TXT Advisory 1 of 1 6.0
INTEL-SA-00219 Intel® SGX with Intel® Processor Graphics Update Advisory 1 of 1 6.0
INTEL-SA-00254 Intel® SMM Advisory 1 of 1 6.0
INTEL-SA-00271 Intel® Xeon® Scalable Processors Voltage Setting Modulation Advisory 1 of 1 5.8


CVE-2019-11135, is closely related to Microarchitectural Data Sampling (MDS) that we addressed in May of this year. Transactional Synchronization Extensions (TSX) Asynchronous Abort, or TAA, has a medium CVSS score of 6.5. This was externally reported and affects only CPU’s that support TSX. The TAA mitigation provides the ability to clear stale data from microarchitectural structures through use of a VERW instruction on processors that already have hardware-based mitigations for MDS (see INTEL-SA-00233). It also provides system software the means to disable TSX for customers who do not use this functionality.  We believe that the mitigations for TAA and MDS substantively reduce the potential attack surface. Shortly before this disclosure, however, we confirmed the possibility that some amount of data could still be inferred through a side-channel using these techniques (for TAA, only if TSX is enabled) and will be addressed in future microcode updates. We continuously improve the techniques available to address such issues and appreciate the academic researchers who have partnered with Intel.

For more information on TAA, please review our technical deep dive.

That is all for this month. Please follow us @intelsecurity for the latest updates.


Jerry Bryant
Director of Communications
Intel Product Assurance and Security

Published on Categories IDF
Jerry Bryant

About Jerry Bryant

Jerry Bryant is a Senior Director of Security Communications at Intel Corp. where he leads communications strategy, vulnerability issues management, field, and customer readiness within the Intel Product Assurance and Security Group (IPAS). Jerry has over 20 years experience in product security incident response within fortune 50 companies and specializes in vulnerability handling, incident/crisis management, threat intelligence sharing, industry, and government engagement. He believes strongly in sharing lessons learned and helping to advance the knowledge and readiness of defenders across the industry. Jerry is a co-author of the Product Security Incident Response Team (PSIRT) Services Framework, a cross industry collaboration through the Forum for Incident Response and Security Teams (FIRST.org).