IPAS: Security Advisories for January 2020

Happy New Year!

It may be the start of a new decade, but it is business as usual here in the Intel Product Assurance and Security (IPAS) group. This month, consistent with our commitment to transparency, we are releasing 6 security advisories addressing 6 vulnerabilities. Three of these, including the one with the highest CVSS severity rating of 8.2, were internally found by Intel, and the others were reported through our Bug Bounty program. All the security advisories today are software only updates.

Looking back at 2019, our theme of transparency through the internal discovery and reporting of vulnerabilities is demonstrated in the fact that out of 236 CVEs addressed, 144, or 61%, were found by Intel. Combining internally found issues with those reported through our Bug Bounty program, a total of 91% of vulnerabilities addressed in 2019 were the result of Intel’s direct investment in product assurance and security. Stay tuned for a deeper dive into this data in a future post.

The table below contains the list of advisories for January 2020. For users of Intel® VTUNE, an advanced profiling and code optimization tool, we recommend updating to version 8 or later to help protect against an escalation of privilege vulnerability that requires local access. As already stated, this issue was found internally by Intel, and we are not aware of attacks attempting to use any of the issues in this month’s release.

Security Advisory ID Title CVE’s CVSS
INTEL-SA-00325 Intel® VTUNE Advisory CVE-2019-14613 8.2
INTEL-SA-00308 Intel® RWC 3 for Windows* Advisory CVE-2019-14601 6.7
INTEL-SA-00300 Intel® SNMP Subagent Stand-Alone for Windows* Advisory CVE-2019-14600 6.5
INTEL-SA-00314 Intel® Processor Graphics Advisory CVE-2019-14615 6.3
INTEL-SA-00306 Intel® Chipset Device Software INF Utility Advisory CVE-2019-14596 5.9
INTEL-SA-00332 Intel® DAAL Advisory CVE-2019-14629 3.9

 

You can find all of our security advisories at http://www.intel.com/security.

That’s all for today’s release. The next update Tuesday is February 11, 2020. Follow us on Twitter @IntelSecurity for the latest updates.

Thanks,

Jerry Bryant
Director of Communications
Intel Product Assurance and Security

Published on Categories IDF
Jerry Bryant

About Jerry Bryant

Jerry Bryant is a Senior Director of Security Communications at Intel Corp. where he leads communications strategy, vulnerability issues management, field, and customer readiness within the Intel Product Assurance and Security Group (IPAS). Jerry has over 20 years experience in product security incident response within fortune 50 companies and specializes in vulnerability handling, incident/crisis management, threat intelligence sharing, industry, and government engagement. He believes strongly in sharing lessons learned and helping to advance the knowledge and readiness of defenders across the industry. Jerry is a co-author of the Product Security Incident Response Team (PSIRT) Services Framework, a cross industry collaboration through the Forum for Incident Response and Security Teams (FIRST.org).