Security Advisories for Intel Products dated July 10, 2018
On July 10, 2018, Intel released twelve security advisories for various Intel products. Eight of these safety instructions require Firmware Updates. In this article you will find information about these security advisories and where you will find updates for Thomas-Krenn products.
Security Advisories
Intel Security Advisory | Title | CVE | Affected systems |
---|---|---|---|
INTEL-SA-00112 | Intel Q1’18 Intel Active Management Technology 9.x/10.x/11.x Security Review Cumulative Update |
CVE-2018-3628 8.1 (High) |
AMT 3.x-11.x |
INTEL-SA-00118 | Intel Converged Security Management Engine (Intel CSME) 11.x issue | CVE-2018-3627 7.5 (High) | CSME 11.x |
INTEL-SA-00127 | DCI Policy Update | CVE-2018-3652 | Direct Connect Interface (DCI) (Intel Xeon E3 v5 and v6, Xeon Scalable) |
INTEL-SA-00130 | BMC Firmware Vulnerability Intel Server Boards, Compute Modules and Systems | CVE-2018-3651 8.2 (High) | BMC Firmware Intel Server Boards |
INTEL-SA-00152 | Firmware Authentication Bypass | No CVE, 6.8 (Medium) up to 7.6 (High) | Intel Core Processors 4th - 7th generation |
INTEL-SA-00158 | Platform firmware included insecure handling of certain UEFI variables | No CVE, 6.1 (Medium) | Intel Xeon Scalable, Xeon E5 v3 and v4 |
INTEL-SA-00159 | EDK II Untested memory not covered by SMM page protection | No CVE, 8.2 (High) | Tianocore-based firmware |
INTEL-SA-00160 | Insecure Handling of BIOS and AMT Passwords | CVE-2017-5704, 7.2 (High) | Intel Core Processors 4th - 7th generation |
Updates for products from Thomas-Krenn
Information about updates will be published in the following Wiki article as soon as updates are available:
Further information
- Another data-leaking Spectre CPU flaw among Intel's dirty dozen of security bug alerts today (theregister.co.uk, 10.07.2018)
- Intel Product Security Center Advisories (www.intel.com)
- Intel-Prozessoren: Management Engine (ME) über Netzwerk angreifbar (heise.de, 20.07.2018)
Author: Werner Fischer Werner Fischer, working in the Knowledge Transfer team at Thomas-Krenn, completed his studies of Computer and Media Security at FH Hagenberg in Austria. He is a regular speaker at many conferences like LinuxTag, OSMC, OSDC, LinuxCon, and author for various IT magazines. In his spare time he enjoys playing the piano and training for a good result at the annual Linz marathon relay.
|
Author: Thomas Niedermeier Thomas Niedermeier working in the product management team at Thomas-Krenn, completed his bachelor's degree in business informatics at the Deggendorf University of Applied Sciences. Since 2013 Thomas is employed at Thomas-Krenn and takes care of OPNsense firewalls, the Thomas-Krenn-Wiki and firmware security updates.
|