Intel has released security updates to fix vulnerabilities in Intel PROSet/Wireless WiFi, Driver and Support Assistant, and other software products.
An attacker could exploit some of these vulnerabilities to gain escalation of privileges or launch denial of service attacks.
Each of the High severity advisories are listed below, along with a brief synopsis of relevant vulnerabilities.
Intel® PROSet/Wireless WiFi vulnerabilities
Intel patched two vulnerabilities in Intel® PROSet/Wireless WiFi product in the advisory INTEL-SA-00338.
CVE-2020-0557: “Insecure inherited permissions in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access.”
CVE-2020-0558: “Improper buffer restrictions in kernel mode driver for Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an unprivileged user to potentially enable denial of service via adjacent access.”
Modular Server Compute Module vulnerabilities
Intel released a security advisory INTEL-SA-00351 for potentially three vulnerabilities in Intel® Modular Server MFS2600KISPP Compute Module that may allow escalation of privilege or denial of service.
However, Intel said there are no plans to patch the vulnerabilities since they issued a Product Discontinuation Notice for the product.
The vulnerabilities are listed as CVE-2020-0578, CVE-2020-0576 and CVE-2020-0577.
Intel NUC firmware advisory
Intel also released a firmware update (INTEL-SA-00363) for NUC to address a privileged escalation vulnerability.
CVE-2020-0600: “Improper buffer restrictions in firmware for some Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.”
Finally, Intel also released Moderate severity advisories for Data Migration Software (INTEL-SA-00327), Driver and Support Assistant (INTEL-SA-00344) and Binary Configuration Tool for Windows (INTEL-SA-00359).