IPAS: Security Advisories for January 2020

Happy New Year!

It may be the start of a new decade, but it is business as usual here in the Intel Product Assurance and Security (IPAS) group. This month, consistent with our commitment to transparency, we are releasing 6 security advisories addressing 6 vulnerabilities. Three of these, including the one with the highest CVSS severity rating of 8.2, were internally found by Intel, and the others were reported through our Bug Bounty program. All the security advisories today are software only updates.

Looking back at 2019, our theme of transparency through the internal discovery and reporting of vulnerabilities is demonstrated in the fact that out of 236 CVEs addressed, 144, or 61%, were found by Intel. Combining internally found issues with those reported through our Bug Bounty program, a total of 91% of vulnerabilities addressed in 2019 were the result of Intel’s direct investment in product assurance and security. Stay tuned for a deeper dive into this data in a future post.

The table below contains the list of advisories for January 2020. For users of Intel® VTUNE, an advanced profiling and code optimization tool, we recommend updating to version 8 or later to help protect against an escalation of privilege vulnerability that requires local access. As already stated, this issue was found internally by Intel, and we are not aware of attacks attempting to use any of the issues in this month’s release.

Security Advisory ID Title CVE’s CVSS
INTEL-SA-00325 Intel® VTUNE Advisory CVE-2019-14613 8.2
INTEL-SA-00308 Intel® RWC 3 for Windows* Advisory CVE-2019-14601 6.7
INTEL-SA-00300 Intel® SNMP Subagent Stand-Alone for Windows* Advisory CVE-2019-14600 6.5
INTEL-SA-00314 Intel® Processor Graphics Advisory CVE-2019-14615 6.3
INTEL-SA-00306 Intel® Chipset Device Software INF Utility Advisory CVE-2019-14596 5.9
INTEL-SA-00332 Intel® DAAL Advisory CVE-2019-14629 3.9

 

You can find all of our security advisories at http://www.intel.com/security.

That’s all for today’s release. The next update Tuesday is February 11, 2020. Follow us on Twitter @IntelSecurity for the latest updates.

Thanks,

Jerry Bryant
Director of Communications
Intel Product Assurance and Security

Leave a Reply

Your email address will not be published. Required fields are marked *

Name *