• Linkedin
  • Reddit

Summary

A serious Intel security flaw – improper access control – was discovered in the Processor Diagnostic Tool (which is a CPU performance testing program). In response, Intel provides a patch update right after this incident so that all Windows users are able to eliminate the bug easily. There are more details on this issue in the following content.

The Intel Processor Diagnostic Tool (IPDT) is actually the CPU performance-testing software designed for all Windows operating systems. With this tool, you can verify the status of your Intel CPUs and perform diagnostic checks when necessary.

Recently, there’s a high-severity security flaw found in the Processor Diagnostic Tool. Then, Intel has issued a patch update quickly for Windows users to fix the problem efficiently.

News: Bug Is Found in the Intel CPU

According to Corporation, this Intel CPU bug was found in Intel Processor Diagnostic Tool versions 4.1.2.24 and below. Malicious people can do something bad by exploiting the bug, so you are suggested to update your IPDT to the latest version ASAP. In this way, you can avoid being suffering from the troubles brought by this Intel processor bug.

Intel CPU bug

A researcher at security company Eclypsium, which focuses on firmware security, discovered the Intel CPU bug. A former senior Intel threat researcher found several new variants of the Spectre attacks that could exploit the speculative execution routines in Intel CPU; then, he launched this.

Improper Access Control

Whether you’re running on a 32-bit or 64-bit Windows operating system, you are likely to encounter the “improper access control” error. In fact, the improper access control error is caused by Intel security flaw in IPDT and can be exploited by an authenticated local user. According to Intel, users who are using IPDT version 4.1.2.24 and below are likely to see this error, which will allow the attackers to launch some malicious attacks on the affected devices.

Local access to a machine is needed, so you need to escalate privileges if you are not allowed to access. Otherwise, you’ll come across the denial of service. Yet, if there is any bugs found in the Intel Processor Diagnostic Tool, the escalation of privilege, denial of service, or information disclosure will be allowed. That’s why Intel is working so hard to release a new version to fix the problem.

Intel Vulnerability Ranks 8.2

Intel rated the severity of the Processor Diagnostic Tool bug as 'high'. After the simple analyzation and study, the flaw in Intel Processor Diagnostics tool (CVE-2019-11133) ranks 8.2 (out of 10) on the CVSS 3.0 scale. Why it ranks so high? The reason is easy to be understood: no complex attack is needed to exploit the bug, though the attacker must be local.

In response, Intel releases fixes for the bug in IPDT release 4.1.2.34; meanwhile, the fix for the medium-severity security vulnerability found in S4500/S4600 SSD lineup of data center is out. There is no authentication in the firmware for the solid state drives, so the unprivileged users are able to achieve the escalation of privilege through physical access.

The fixes are available for users who are using the following versions of Windows: Windows 10, Windows 8.1, Windows 8, Windows 7, and Windows Server 2008 R2.

IPDT release 4.1.2.34

Please note: I guess you would like to find easy and efficient ways to recover data when they get lost from Windows 10/8/7 or Windows Server computer. If yes, you should click the links below to know how to recover:

CISA Alert

Intel has released security updates to address vulnerabilities in Intel Solid State Drives for Data Centers and Intel Processor Diagnostic Tool. An attacker could exploit these vulnerabilities to gain an escalation of privileges on a previously infected machine.- according to a Cybersecurity and Infrastructure Security Agency (CISA) alert
  • Linkedin
  • Reddit