Attackers can attack Intel products and gain higher user rights. In such positions, further attacks are conceivable. In order to protect systems, the chip manufacturer has now released a lot of security updates for, among other things, Neural Compressor software and various firmware and drivers.
Advertisement
Critical security vulnerability
According to a warning, it is considered the most dangerous one “critical” Vulnerability (CVE-2024-22476) with top rating (CVSS Score 10 out of 10) in the AI tool Neural Compressor Software. Because data is not sufficiently checked, remote attackers can use specific requests without authentication and thus gain higher user rights The chip manufacturer does not currently explain how such an attack could occur.
Due to the critical classification, it can be assumed that systems will subsequently be completely compromised. The developers say the vulnerability is in the Version 2.5.0 to have closed.
More dangers
The majority of vulnerabilities in, among others, the UEFI firmware of servers, Secure Device Manager and Thunderbolt are with the threat level “high“. Attackers can use the gaps to carry out DoS attacks or access data that is actually sealed off.
There are even more security holes in Chipset Device Software, Media SDK and VTUne Profiler. Here too, DoS attacks can occur and information can leak.
A complete list of vulnerabilities, including the protected expenses, is too extensive for this report. As a result, admins should be in the Intel website security section Look around and find the entries that are relevant to you and install the security updates.
(of)