Windows 10 security: Bad bug in our CPU diagnostics app, so patch now, says Intel
Windows users and admins who've ever downloaded Intel's Processor Diagnostic Tool (IPDT) should update to the latest versions of the 32-bit and 64-bit products.
Security
According to Intel, IPDT version 4.1.2.24 and below suffer from "improper access control" that can be exploited by an authenticated local user to escalate privileges, leak information or cause a denial of service.
SEE: 10 tips for new cybersecurity pros (free PDF)
Intel has rated the severity of the bug as 'high', with a CVSS version 3 score of 8.2, because although the attacker must be local, the bug doesn't require a complex attack to exploit it.
Intel offers fixes for the bug in IPDT release 4.1.2.34, which is available for Windows 10, Windows 8.1, Windows 8, Windows 7, and Windows Server 2008 R2.
The tool is used to verify features and the functionality of Intel microprocessors and run checks on their operating frequency.
The bug was found by a researcher at security company Eclypsium, which specializes in firmware security. It was launched by a former senior Intel threat researcher, who found several new variants of the Spectre attacks that could exploit Intel's speculative execution routines in its CPUs.
Intel has also revealed a separate medium-severity flaw affecting the firmware for its SSD DC S4500 Series and SSD DC S4600 Series.
"Improper authentication in firmware for Intel(R) SSD DC S4500 Series and Intel(R)SSD DC S4600 Series before SCV10150 may allow an unprivileged user to potentially enable escalation of privilege via physical access," Intel notes.
More on Intel and security
- All Intel chips open to new Spoiler non-Spectre attack: Don't expect a quick fix
- Windows 10 graphics: Intel warns, patch 19 severe driver flaws now
- Microsoft rolls out Google's Retpoline Spectre mitigation to Windows 10 users
- Researchers discover seven new Meltdown and Spectre attacks
- Linus Torvalds: After big Linux performance hit, Spectre v2 patch needs curbs
- Intel ditches Linux patch benchmark 'gag', offers 'innocuous' new license
- New Spectre variant 4: Our patches cause up to 8% performance hit, warns Intel
- Critical flaws revealed to affect most Intel chips since 1995
- Got an old PC? Find out whether you will get Intel's latest Spectre patch TechRepublic
- Class-action suits over Intel Spectre, Meltdown flaws surge CNET