Reportedly, the Intel has released 29 security advisories to address 132 various issues in the BIOS firmware of Intel processors. Some of such impacted products include Bluetooth products, Active Management Technology tools, and many more.
As per the Jerry Bryant, most of the vulnerabilities were discovered internally, through company’s own diligence. Mostly, the bugs were revealed via Intel’s bug bounty program and its own research. In compare, the past few years disclosure mostly came externally, and were reported through the bug bounty program from various researchers. While, this year’s improvement is mostly due to Intel’s Security Development Lifecycle program.
In the 132 vulnerabilities patched, 56 of them are patched this during this month’s Patch Tuesday were discovered in graphics, networking and Bluetooth components. According to Bryant through a blog post, “Through the SDL, we take learnings from discovered vulnerabilities and make improvements to things like automated code scanning and training as well as using this information to inform our internal Red-Team events.”
The company resolved 29 vulnerabilities which were rated as high’severity, related to privilege escalation. The list includes four local privilege escalation in the firmware of Inte’s CPU products, a local privilege escalation in Intel Virtualization Technology for Directed I/O, a privilege escalation issue in Intel Security Library, a privilege escalation issue in NUC, and many even many more. Many other severe privilege escalation bugs were also found in Intel’s Driver and Support Assistant software and RealSense ID platform, as well as a denial-of-service flaw in specific Thunderbolt controllers.