Happy New Year!
It may be the start of a new decade, but it is business as usual here in the Intel Product Assurance and Security (IPAS) group. This month, consistent with our commitment to transparency, we are releasing 6 security advisories addressing 6 vulnerabilities. Three of these, including the one with the highest CVSS severity rating of 8.2, were internally found by Intel, and the others were reported through our Bug Bounty program. All the security advisories today are software only updates.
Looking back at 2019, our theme of transparency through the internal discovery and reporting of vulnerabilities is demonstrated in the fact that out of 236 CVEs addressed, 144, or 61%, were found by Intel. Combining internally found issues with those reported through our Bug Bounty program, a total of 91% of vulnerabilities addressed in 2019 were the result of Intel’s direct investment in product assurance and security. Stay tuned for a deeper dive into this data in a future post.
The table below contains the list of advisories for January 2020. For users of Intel® VTUNE, an advanced profiling and code optimization tool, we recommend updating to version 8 or later to help protect against an escalation of privilege vulnerability that requires local access. As already stated, this issue was found internally by Intel, and we are not aware of attacks attempting to use any of the issues in this month’s release.
|Security Advisory ID||Title||CVE’s||CVSS|
|INTEL-SA-00325||Intel® VTUNE Advisory||CVE-2019-14613||8.2|
|INTEL-SA-00308||Intel® RWC 3 for Windows* Advisory||CVE-2019-14601||6.7|
|INTEL-SA-00300||Intel® SNMP Subagent Stand-Alone for Windows* Advisory||CVE-2019-14600||6.5|
|INTEL-SA-00314||Intel® Processor Graphics Advisory||CVE-2019-14615||6.3|
|INTEL-SA-00306||Intel® Chipset Device Software INF Utility Advisory||CVE-2019-14596||5.9|
|INTEL-SA-00332||Intel® DAAL Advisory||CVE-2019-14629||3.9|
You can find all of our security advisories at http://www.intel.com/security.
That’s all for today’s release. The next update Tuesday is February 11, 2020. Follow us on Twitter @IntelSecurity for the latest updates.
Director of Communications
Intel Product Assurance and Security