Intel has published a security bulletin regarding 16 newly discovered BIOS vulnerabilities. Adding to 23 others from about a week ago, the latest discovery impacts five generations of Core products as well as a range of Xeon processors.
The flaws may allow attackers to use escalation of privilege, or denial of service while bypassing the operating system’s protection measures. CPUs from the 11th generation all the way back to the 6th are concerned, in addition to the Xeon W, E, and D families.
Intel is rating the severity for 10 of these vulnerabilities as high, four as medium, and two as low. All of them potentially give attackers access to sensitive data by hijacking the BIOS of affected machines.
These BIOS-related vulnerabilities are very effective, as they bypass pretty much any security measures installed on the machine’s OS. Fortunately, Intel describes all the latest discoveries as only applicable to attacks where the person has direct/local access to the computer. Prevention shouldn’t be a big deal for businesses that have at least a minimum control over their computer fleet.
Firmware updates are expected in the near future, with Intel advising users to update to the latest versions provided by the system manufacturer at the nearest opportunity.
The full list of affected products is as follows:
- 2nd Generation Intel Xeon Scalable Processor Family
- Intel Xeon Scalable Processor Family
- Intel Xeon Processor W Family
- Intel Xeon Processor E Family
- Intel Xeon Processor D Family
- 11th Generation Intel Core Processor Family
- 10th Generation Intel Core Processor Family
- 9th Generation Intel Core Processor Family
- 8th Generation Intel Core Processor Family
- 7th Generation Intel Core Processor Family
- 6th Generation Intel Core processor Family
- Intel Core X-series Processor Family
- Intel Atom Processor C3XXX Family.