Intel lists 16 new BIOS vulnerabilities

A reminder to keep BIOS updated.

10/02/2022

Intel has published a security bulletin regarding 16 newly discovered BIOS vulnerabilities. Adding to 23 others from about a week ago, the latest discovery impacts five generations of Core products as well as a range of Xeon processors.

The flaws may allow attackers to use escalation of privilege, or denial of service while bypassing the operating system’s protection measures. CPUs from the 11th generation all the way back to the 6th are concerned, in addition to the Xeon W, E, and D families.

Intel is rating the severity for 10 of these vulnerabilities as high, four as medium, and two as low. All of them potentially give attackers access to sensitive data by hijacking the BIOS of affected machines.

These BIOS-related vulnerabilities are very effective, as they bypass pretty much any security measures installed on the machine’s OS. Fortunately, Intel describes all the latest discoveries as only applicable to attacks where the person has direct/local access to the computer. Prevention shouldn’t be a big deal for businesses that have at least a minimum control over their computer fleet.

Firmware updates are expected in the near future, with Intel advising users to update to the latest versions provided by the system manufacturer at the nearest opportunity.

The full list of affected products is as follows: