IPAS: Security Advisories for August 2020

Hi everyone,

Today we are releasing 18 security advisories addressing 52 vulnerabilities across a range of products. 24 of the vulnerabilities were found internally by Intel, and the remaining were reported primarily through the Intel bug bounty program.

Many of the issues we mitigate require us to coordinate with multiple parties to provide the mitigations to end users. For example, once a mitigation is developed and our own internal validation testing is complete, we generally provide the update to original equipment manufacturers (OEMs) who need to do their own validation testing and integration across a range of products. Public disclosure is then coordinated with those OEMs as they become ready to provide their integrated update to their customers.

The onset of the COVID-19 pandemic has had a widespread impact on the ability of organizations to have employees physically present within their places of business. To help address the resource constraints this has caused, Intel is attempting to align public disclosures to specific timeframes. This allows our customers to validate several updates all at once as we coordinate making those updates available to the end customer. This is the reason for the larger than normal number of advisories being published today.

We are not aware of any of these issues being used in real-world attacks, but as always, Intel recommends that customers apply updates as soon as possible.


Jerry Bryant
Director of Communications
Intel Product Assurance and Security

Published on Categories IDF
Jerry Bryant

About Jerry Bryant

Jerry Bryant is a Senior Director of Security Communications at Intel Corp. where he leads communications strategy, vulnerability issues management, field, and customer readiness within the Intel Product Assurance and Security Group (IPAS). Jerry has over 20 years experience in product security incident response within fortune 50 companies and specializes in vulnerability handling, incident/crisis management, threat intelligence sharing, industry, and government engagement. He believes strongly in sharing lessons learned and helping to advance the knowledge and readiness of defenders across the industry. Jerry is a co-author of the Product Security Incident Response Team (PSIRT) Services Framework, a cross industry collaboration through the Forum for Incident Response and Security Teams (FIRST.org).