When it seemed that everything was calm or at least with some stability, Intel arrives and drops a new bomb. And it is that now the blues publish a whopping 16 different vulnerabilities for a series of Intel processors that is noteworthy. In other words, they can attack our PC in 16 different ways as long as we have one of these families of processors, which is more than likely if our PC is moderately powerful. There’s a solution? Not for the moment…
Surely you are thinking about the vulnerabilities of HP, Dell, Lenovo and other vendors, but no, this is something totally unrelated to that, but at the same time they have a common point. In a new report from Intel’s own website we see that the latest refresh has brought a queue, since there are 16 new vulnerabilities that are also all focused on a specific point: the BIOS firmware.
Vulnerabilities in 13 Intel CPU families
The report is classified as high severity and was released last night, where Intel released a brief statement and summary of the issue:
Potential security vulnerabilities in the BIOS firmware for some Intel processors may allow escalation of privilege, denial of service, or disclosure of information. Intel is releasing firmware updates to mitigate these potential vulnerabilities.
You can find the information on each vulnerability at the source of this article in case you want to look at one in particular, but in any case what we have to be clear about is that if we have a processor from 6th Generation to 11th Generation, going through Xeon W processors , E or D we are exposed to the three main methods described.
The 16 vulnerabilities are segmented as follows:
- 10 of high gravity
- 4 gravity half
- 2 of short gravity
In all cases, the attacker will take full or partial control of the motherboard BIOS and gain access to the PC and our confidential data, although it is not specified whether the encryption can also be the target of such an attack.
One good news and one bad
The good news is that in order for the attacker to gain control, he will have to be physically in front of the PC or server, that is, he must have physical access to its BIOS and it cannot be done in any other way, not even remotely. This will make companies that have good perimeter security and staff access control calmer, and surely many of the users, but doubts arise with laptops as such, since they are easier to access due to their mobility.
Some of these vulnerabilities have such a large security impact that could circumvent all measures Interposed by hardware or software, since the control of the BIOS gives access to practically any part of the PC or server.
Intel is already releasing firmware updates to mitigate the vulnerabilities, although there is no roadmap that has specified the affected products:
- Intel Xeon Scalable Processor Family second generation
- Intel Scalable Processor Family xeon
- Intel processor family Xeon W
- Intel processor family Xeon-E
- Intel processor family Xeon D
- Intel Core processor family of 11th generation
- Intel Core processor family of 10th generation
- Intel Core processor family of ninth generation
- Intel Core processor family of eighth generation
- Intel Core processor family of seventh generation
- Intel Core processor family of sixth generation
- Intel processor family core series x
- Intel processor family Atom C3XXX.
So what’s the bad news about the 16 Intel vulnerabilities? well the manufacturer support of base plates. Many of the described families no longer have BIOS support for two years, so either Intel forces these manufacturers to compile a new BIOS/UEFI with the new firmware and it ends up being released to hundreds of models, if not thousands, or these processors could be left out of the mitigations. We will have to be attentive to the official websites of the models to see these updates, because there are no official arrival times in this regard.
