Intel recently released a security bulletin containing 16 newly discovered BIOS-related vulnerabilities that allow attackers to use denial of service and privilege escalation attacks on the local computer while bypassing the operating system and its associated security measures. According to Intel, these issues affect its 6th to 11th generation Core processors and their Xeon series, including W, E, and D models.
Ten of these vulnerabilities had a severity rating of "High," meaning they allowed unrestricted access to the machine, while three were rated "Medium" and one was rated "Low." These new vulnerabilities are not included in the recent Intel/AMD vulnerability list and are not related to recently published BIOS vulnerabilities affecting HP, Dell, Lenovo and other vendors.
Nonetheless, these 16 new vulnerabilities are similar to some in that they are BIOS-related. All 16 allow an attacker to hijack the computer's BIOS to gain access to the local computer and thus access sensitive data. Thankfully, Intel notes that all of these issues can only be exploited if an attacker has physical access to the machine, so they can't be exploited remotely. For businesses with secure locations, these vulnerabilities should not be as worrisome as personal laptops, as malicious actors can easily access the machine.
These issues are particularly dependent on various errors found in the Intel BIOS firmware, including inadequate control flow management, buffer overflows, pointer issues, incorrect validation, and so on. All of this allows the attacker to elevate privileges when needed. Others include incorrect access control and incorrect default permissions that could allow an attacker to use a denial of service attack on the local computer.
Most of these BIOS-related vulnerabilities are very influential because they can effectively bypass almost all security measures on the local PC. Most security measures run as part of the operating system, or on top of the operating system, which loads only after the BIOS runs its initial POST (post). This means that all conventional security countermeasures cannot protect the system BIOS.
Intel said it is releasing a firmware update to mitigate the vulnerability, but has not yet released a formal roadmap. However, the company said the proposed course of action is to "update to the latest version provided by the system manufacturer to address these issues." However, it is unclear whether these updates are available. Below you will find a list of affected platforms.
Affected Products:
2nd generation Intel Xeon Scalable processor family
Intel Xeon Scalable processor family
Intel Xeon processor W series
Intel Xeon processor E series
Intel Xeon processor D series
11th generation Intel Core processor family
10th generation Intel Core processor family
9th generation Intel Core processor family
8th generation Intel Core processor family
7th generation Intel Core processor family
6th generation Intel Core processor family
Intel Core X-series processor family
Intel Atom processor C3XXX series.