Intel detects 31 vulnerabilities that affect almost all its products

After Microsoft released its February patches for this 2023 Intel has released a very complete list with new vulnerabilities found. The blue team has been very active lately on different fronts and now has a daunting job, as the 31 Intel vulnerabilities span a huge number of productsand as expected, they have different severities, where the ones that stand out the most attack their Software Guard Extensions or SGX, something that we largely forget on PC, but on servers and data centers…

A large number of updates of all kinds are coming and for almost every product on the market. Luckily and as we have been able to see, there are none that threaten the performance of the systems and PC, but above all, they are all patchable, some of them very necessary because they have a high severity.

Intel’s 31 vulnerabilities in February 2023 for many of its products

We are not going to cite all of them, but we are going to touch on the most striking ones or those that touch us more closely for one reason or another. On the other hand, there is no confirmation that they will all be solved in a short period of time, so be patient and stay tuned for what is coming.

INTEL-SA-00717

It is listed as a security vulnerability for the BIOS firmware and Authentication Code Modules or ACM, which fall within the Intel TXT. Here the affected processors and motherboards vary depending on whether it carries TXT or not, but in any case, what the next firmware will try to cover through BIOS is a high severity escalation of privileges.

This general vulnerability implies 6 specific vulnerabilities and in addition to the large number of server processors that can be attacked, for what interests us here, you have to know that the Core 11 laptop and desktop (family 806C and 806D), the Core 12 desktopthe Intel Pentium Gold and Celeronsalso laptop and desktop (9067 and 906A families).

INTEL-SA-00767

There is only one vulnerability on Intel’s data sheet here, CVE-2022-38090, which is described as a security hole in some Intel processors with SGX that allows information disclosure. The only advantage here is that the attacker has to be physically present in order to access the information, so it’s a local thing.

The problem? That affects many ranges of processors, especially some with a certain amount of time and this means that manufacturers may no longer allocate resources to covering and patching their motherboards, ergo there would be no BIOS for many of them. To be specific, processors are affected Core 10 for laptops, Pentium Silver, Celeron J, Celeron N for desktops and laptops, and finally Core 9 for desktops in full.

The vulnerabilities extend from the hardware to the software, so it will be important to be attentive to the updates from the manufacturers and to the drivers that Intel launches, because in total the number of them exceeds the 31 commented reports, as there are within each one and as a rule more than one vulnerability that encompasses them.