Intel is warning of a high-severity vulnerability in its performance analysis tool called Intel VTune Profiler. If exploited the flaw allows an adversary to perform a privilege escalation attack, giving them elevated and unauthorized system access to a targeted system.
The VTune Profiler, formerly known as the VTune Amplifier, is a software performance analysis application for serial and multithreaded application developers. While the application supports Windows, Linux, and Android platforms, Intel said that versions of the Intel VTune Profiler for Windows before update 8 are affected.
“Improper access control in driver for Intel VTune Amplifier for Windows before update 8 may allow an authenticated user to potentially enable escalation of privilege via local access,” according to an Intel security update.
The vulnerability (CVE-2019-14613), discovered internally by Intel, has a CVSS score of 8.2 out of 10, making it high severity. Intel urged users to update to Intel VTune Profiler for Windows to update 8, which was released Nov. 22, 2019.
As part of its regularly-scheduled updates, Intel also released patches addressing four “medium” severity flaws and one “low” severity vulnerability.
Other Flaws
One of these is a medium-severity denial-of-service vulnerability (CVE-2019-14615) in Intel’s graphics processors – including its Core, Xeon, Pentium, Celeron and Atom brands – that could enable information disclosure (a full list of affected chipsets are here).
The vulnerability stems from “insufficient control flow in certain data structures” of some processors, and could be exploited by an unauthenticated user with local access.
Another medium-severity vulnerability (CVE-2019-14600) exists in the installer of the Intel SNMP Subagent Stand-Alone for Windows, a tool that allows users to communicate using Simple Network Management Protocol (SNMP) with the Subagent on the managed server. The flaw, which stems from the uncontrolled search path element, may allow an escalation of privilege. Instead of issuing a fix, Intel said that it will discontinue the product and recommended that users “uninstall it or discontinue use at their earliest convenience.”
Intel also patched a medium-severity flaw in the Intel RAID Web Console (RWC) 3 for Windows, which enables users to configure the Intel RAID Controllers (the card or chip located between the operating system and the storage drives) and disk drives installed on a system. The flaw (CVE-2019-14601) stems from improper permissions in the installer of RWC and could potentially enable escalation of privilege via local access. Intel recommends updating RWC 3 for Windows to version 7.010.009.000 or later.
Other flaws include an information disclosure flaw in the Intel Chipset Device Software INF Utility (CVE-2019-14596) and low-severity flaw in the Intel Data Analytics Acceleration Library that could enable information disclosure (CVE-2019-14629).
The patches come a month after Intel disclosed a new attack in December impacting modern Intel CPUs, which could allow an attacker to extract highly-sensitive information – such as encryption keys – from affected processors by altering their voltage. The attack, dubbed “Plundervolt,” centers around Intel Software Guard Extensions (SGX), a set of security-related instruction codes that are built into Intel CPUs. Intel SGX shields sensitive data – such as AES encryption keys – inside “enclaves,” which are physically separate from other CPU memory and are protected by software encryption.
Concerned about mobile security? Check out our free Threatpost webinar, Top 8 Best Practices for Mobile App Security, on Jan. 22 at 2 p.m. ET. Poorly secured apps can lead to malware, data breaches and legal/regulatory trouble. Join our experts to discuss the secrets of building a secure mobile strategy, one app at a time. Click here to register.
