Intel is patching a load of serious software security holes
>
Intel has patched multiple vulnerabilities discovered in its Software Guard Extensions (SGX) and is now urging users to apply the patch as soon as possible.
The errors affect a “wide range of Intel products”, including Xeon processors, network adapters and software. A total of 31 advisories have been added to the Intel Security Center, including five CVEs.
Of those five, two have privilege escalation vulnerabilities that could allow threat actors to elevate the privileges of their accounts on target endpoints (opens in new tab) and use them to exfiltrate sensitive data. The irony is palpable here, the publication suggests, because SGX is a feature “that should enable secure processing of sensitive data within encrypted areas of memory known as enclaves.”
Steal sensitive data
The third flaw, tracked as CVE-2022-38090, is a medium-rated vulnerability that affects 3rd Gen Xeon Scalable processors, among others. According to Intel, “Improper isolation of shared resources in some Intel processors when using Intel Software Guard Extensions may allow a privileged user to disclose information through local access.”
The best course of action, says Intel, is to update your device’s firmware.
The fourth vulnerability, tracked as CVE-2022-33196, is a very serious flaw that also affects 3rd generation Xeon Scalable processors, as well as Xeon D processors. Patches, in the form of BIOS and microcode updates, are on the way, the company added.
The fifth bug concerns SGX’s software development kit (SDK). Although it has a low severity, there is still a chance that scammers will use it to steal sensitive data, Intel says. An update is also on the way.
SGX, now in its eighth year, is “plagued with vulnerabilities,” the publication says, adding that the tool has been deprecated in customer-facing chips of 11th and 12th generation Core processors.
Through: The register (opens in new tab)