IPAS: Security Advisories for February 2020

Hello again,

Today we are releasing 6 Security Advisories as part of our regular monthly update process. The bulk of the issues being addressed were reported through our Bug Bounty Program.

Among our updates this month is an internally found issue in Intel® CSME that could potentially allow information disclosure via local access. Intel has worked with industry partners to integrate the mitigations for this issue into their products ahead of public disclosure, and we recommend customers download the update from their system provider as soon as possible.

Click HERE for a list of computer manufacturer support sites.

The table below is the full list of new advisories this month. We recommend customers review these advisories to assess impact in their environment and apply the mitigations. At this time, we are not aware of any of these issues being exploited in the wild.

Security Advisory ID Title CVE’s CVSS
INTEL-SA-00307 Intel® CSME Advisory CVE-2019-14598 8.2
INTEL-SA-00273 Intel® Renesas Electronics® USB 3.0 Driver Advisory CVE-2020-0560 6.7
INTEL-SA-00339 Intel® RWC2 Advisory CVE-2020-0562 6.7
INTEL-SA-00340 Intel® MPSS Advisory CVE-2020-0563 6.7
INTEL-SA-00341 Intel® RWC3 Advisory CVE-2020-0564 6.7
INTEL-SA-00336 Intel® SGX SDK Advisory CVE-2020-0561 2.5

 

For a full list of Intel security advisories, go to: www.intel.com/security.

Our next regularly scheduled security advisory release is March 10, 2020. Please check back here at that time for another update.

Thanks,

Jerry Bryant
Director of Communications
Intel Product Assurance and Security

Published on Categories IDF
Jerry Bryant

About Jerry Bryant

Jerry Bryant is a Senior Director of Security Communications at Intel Corp. where he leads communications strategy, vulnerability issues management, field, and customer readiness within the Intel Product Assurance and Security Group (IPAS). Jerry has over 20 years experience in product security incident response within fortune 50 companies and specializes in vulnerability handling, incident/crisis management, threat intelligence sharing, industry, and government engagement. He believes strongly in sharing lessons learned and helping to advance the knowledge and readiness of defenders across the industry. Jerry is a co-author of the Product Security Incident Response Team (PSIRT) Services Framework, a cross industry collaboration through the Forum for Incident Response and Security Teams (FIRST.org).