Intel just can’t seem to catch a break with new security vulnerabilities being discovered every other month. Apart from the issues in its hardware, which caused Spectre and Meltdown, Intel’s software division is also under the radar.
Jesse Michael, a security researcher from Eclypsium, detected a flaw with a high severity rating in the Intel’s processor diagnostic tool (CVE-2019-11133). According to Intel security advisory, “Improper access control in the Intel(R) Processor Diagnostic Tool before version 22.214.171.124 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access.”
Furthermore, Intel’s internal security team also discovered a bug in the data center SSDs – DC S4500/S4600 series which allowed users to get privileged access via physical access to the SSD. Intel was contacted by Eclypsium regarding the vulnerability, consequently, Intel was able to patch issues before the public reveal.
It has to be stated that Spectre and Meltdown were an eye