Intel reveals a whole load of hardware security issues, so patch now

An image of security icons for a network encircling a digital blue earth.
(Image credit: Shutterstock)

Intel has announced a host of firmware bugs, which could allow endpoints such as datacentre servers, workstations, mobile devices, and storage products to become compromised.

The bugs, first reported by The Register, can allow bad actors to leak information and escalate their privileges, and were labelled by Intel as “high severity”.

A full list of products the vulnerabilities may impact can be found here, which includes 10th Generation Intel Core Processors and Intel Core X-series Processors.

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022end of this survey

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

What should users do?

Intel recommends that users of the affected processors update to the latest versions provided by their system manufacturer to addresses these issues.

Unfortunately, the above was not the only set of bugs which Intel was able to announce.

A potential security vulnerability in Intel Processors which may allow information disclosure was also announced, though this was only dubbed “low severity” by Intel.

Intel said that “Observable behavioral discrepancy in some Intel processors may allow an authorized user to potentially enable information disclosure via local access.”

The bug could potentially affect all Intel processor families according to the hardware giant.

Intel recommends that any impacted product should utilize the LFENCE instruction “after loads that should observe writes from another thread to the same shared memory address”.

Firewalls may not be enough by themselves in today’s climate, it’s not just Intel that has potential hardware security vulnerabilities floating around.

Academic researchers have demonstrated a successful attack strategy to get around the protections provided by AMDs famed Secure Encrypted Virtualization (SEV) technology.

Anyone interested in outing more bugs and having information about a security issue or vulnerability with an Intel-branded product or technology can send it via e-mail to secure@intel.com, after encrypting sensitive information using its PGP public key.

The demand for greater hardware security is there according to Intel’s own research.

The survey, based on speaking to 1,406 people across the United States, Europe, the Middle East, Africa, and Latin America, found 75% of respondents expressed interest in hardware-based approaches to security, while 40% expressed interest in “security at a silicon level”.

Via The Register

TOPICS

Will McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer.