Today we are releasing 18 security advisories addressing 52 vulnerabilities across a range of products. 24 of the vulnerabilities were found internally by Intel, and the remaining were reported primarily through the Intel bug bounty program.
Many of the issues we mitigate require us to coordinate with multiple parties to provide the mitigations to end users. For example, once a mitigation is developed and our own internal validation testing is complete, we generally provide the update to original equipment manufacturers (OEMs) who need to do their own validation testing and integration across a range of products. Public disclosure is then coordinated with those OEMs as they become ready to provide their integrated update to their customers.
The onset of the COVID-19 pandemic has had a widespread impact on the ability of organizations to have employees physically present within their places of business. To help address the resource constraints this has caused, Intel is attempting to align public disclosures to specific timeframes. This allows our customers to validate several updates all at once as we coordinate making those updates available to the end customer. This is the reason for the larger than normal number of advisories being published today.
We are not aware of any of these issues being used in real-world attacks, but as always, Intel recommends that customers apply updates as soon as possible.
Director of Communications
Intel Product Assurance and Security