Security
Determine security ramifications to protect personal data and information
104 Discussions

IPAS: Security Advisories for January 2020

IPAS_Security
Employee
0 0 1,266
Jan2020SAs-1.png

Happy New Year!

It may be the start of a new decade, but it is business as usual here in the Intel Product Assurance and Security (IPAS) group. This month, consistent with our commitment to transparency, we are releasing 6 security advisories addressing 6 vulnerabilities. Three of these, including the one with the highest CVSS severity rating of 8.2, were internally found by Intel, and the others were reported through our Bug Bounty program. All the security advisories today are software only updates.

Looking back at 2019, our theme of transparency through the internal discovery and reporting of vulnerabilities is demonstrated in the fact that out of 236 CVEs addressed, 144, or 61%, were found by Intel. Combining internally found issues with those reported through our Bug Bounty program, a total of 91% of vulnerabilities addressed in 2019 were the result of Intel’s direct investment in product assurance and security. Stay tuned for a deeper dive into this data in a future post.

The table below contains the list of advisories for January 2020. For users of Intel® VTUNE, an advanced profiling and code optimization tool, we recommend updating to version 8 or later to help protect against an escalation of privilege vulnerability that requires local access. As already stated, this issue was found internally by Intel, and we are not aware of attacks attempting to use any of the issues in this month’s release.













































Security Advisory IDTitleCVE'sCVSS
INTEL-SA-00325Intel® VTUNE AdvisoryCVE-2019-146138.2
INTEL-SA-00308Intel® RWC 3 for Windows* AdvisoryCVE-2019-146016.7
INTEL-SA-00300Intel® SNMP Subagent Stand-Alone for Windows* AdvisoryCVE-2019-146006.5
INTEL-SA-00314Intel® Processor Graphics AdvisoryCVE-2019-146156.3
INTEL-SA-00306Intel® Chipset Device Software INF Utility AdvisoryCVE-2019-145965.9
INTEL-SA-00332Intel® DAAL AdvisoryCVE-2019-146293.9

 

You can find all of our security advisories at http://www.intel.com/security.

That’s all for today’s release. The next update Tuesday is February 11, 2020. Follow us on Twitter @IntelSecurity for the latest updates.

Thanks,

Jerry Bryant
Director of Communications
Intel Product Assurance and Security
About the Author
Intel Product Assurance and Security (IPAS) is designed to serve as a security center of excellence – a sort of mission control – that looks across all of Intel. Beyond addressing the security issues of today, we are looking longer-term at the evolving threat landscape and continuously improving product security in the years ahead.