Intel Patches High-Severity Privilege-Escalation Bugs

[silversurfer]

Intel on Tuesday patched three high-severity vulnerabilities that could allow the escalation of privileges across an array of products. Overall, the chip giant fixed five bugs – three rated high-severity, and two medium-severity.

The most concerning of these bugs is an escalation-of-privilege glitch in Intel’s PROset/Wireless Wi-Fi software, which is its wireless connection management tool. The vulnerability, CVE-2018-12177, has a “high” CVSS score of 7.8, according to Intel’s update.

The other high-severity bug exists in the company’s System Support Utility for Windows, which offers support for Intel-packed Windows device users. This bug (CVE-2019-0088) is due to insufficient path checking in the support utility, allowing an already-authenticated user to potentially gain escalation of privilege via local access. The vulnerability has a CVSS score of 7.5.

The high-severity flaw in SGX (CVE-2018-18098) has a CVSS score of 7.5 and could allow an attacker with local access to gain escalated privileges. The vulnerability is rooted in improper file verification in the install routine for Intel’s SGX SDK and Platform Software for Windows before 2.2.100.  It was discovered by researcher Saif Allah ben Massaoud.

Intel’s patch comes during a busy patch Tuesday week, which includes fixes from Adobe and Microsoft.

Source: https://threatpost.com/intel-patches-pri...gs/140665/