IPAS: Security Advisories for February 2020

Hello again,

Today we are releasing 6 Security Advisories as part of our regular monthly update process. The bulk of the issues being addressed were reported through our Bug Bounty Program.

Among our updates this month is an internally found issue in Intel® CSME that could potentially allow information disclosure via local access. Intel has worked with industry partners to integrate the mitigations for this issue into their products ahead of public disclosure, and we recommend customers download the update from their system provider as soon as possible.

Click HERE for a list of computer manufacturer support sites.

The table below is the full list of new advisories this month. We recommend customers review these advisories to assess impact in their environment and apply the mitigations. At this time, we are not aware of any of these issues being exploited in the wild.

Security Advisory ID Title CVE’s CVSS
INTEL-SA-00307 Intel® CSME Advisory CVE-2019-14598 8.2
INTEL-SA-00273 Intel® Renesas Electronics® USB 3.0 Driver Advisory CVE-2020-0560 6.7
INTEL-SA-00339 Intel® RWC2 Advisory CVE-2020-0562 6.7
INTEL-SA-00340 Intel® MPSS Advisory CVE-2020-0563 6.7
INTEL-SA-00341 Intel® RWC3 Advisory CVE-2020-0564 6.7
INTEL-SA-00336 Intel® SGX SDK Advisory CVE-2020-0561 2.5

 

For a full list of Intel security advisories, go to: www.intel.com/security.

Our next regularly scheduled security advisory release is March 10, 2020. Please check back here at that time for another update.

Thanks,

Jerry Bryant
Director of Communications
Intel Product Assurance and Security

Leave a Reply

Your email address will not be published. Required fields are marked *

Name *