Windows 10 security: Bad bug in our CPU diagnostics app, so patch now, says Intel

Intel fixes high-severity security flaw in its CPU performance-testing software for Windows 10 systems.

Meltdown and Spectre: Researchers find seven new variations Experiments showed that processors from AMD, ARM, and Intel are affected.

Windows users and admins who've ever downloaded Intel's Processor Diagnostic Tool (IPDT) should update to the latest versions of the 32-bit and 64-bit products. 

According to Intel, IPDT version 4.1.2.24 and below suffer from "improper access control" that can be exploited by an authenticated local user to escalate privileges, leak information or cause a denial of service. 

SEE: 10 tips for new cybersecurity pros (free PDF)    

Intel has rated the severity of the bug as 'high', with a CVSS version 3 score of 8.2, because although the attacker must be local, the bug doesn't require a complex attack to exploit it. 

Intel offers fixes for the bug in IPDT release 4.1.2.34, which is available for Windows 10, Windows 8.1, Windows 8, Windows 7, and Windows Server 2008 R2. 

The tool is used to verify features and the functionality of Intel microprocessors and run checks on their operating frequency.  

The bug was found by a researcher at security company Eclypsium, which specializes in firmware security. It was launched by a former senior Intel threat researcher, who found several new variants of the Spectre attacks that could exploit Intel's speculative execution routines in its CPUs

Intel has also revealed a separate medium-severity flaw affecting the firmware for its SSD DC S4500 Series and SSD DC S4600 Series. 

"Improper authentication in firmware for Intel(R) SSD DC S4500 Series and Intel(R) SSD DC S4600 Series before SCV10150 may allow an unprivileged user to potentially enable escalation of privilege via physical access," Intel notes. 

More on Intel and security