Virtual Event Today: Supply Chain Security Summit - Join Event In-Progress

Security Experts:

Connect with us

Hi, what are you looking for?



Intel Software and Firmware Updates Patch 18 High-Severity Vulnerabilities

Intel has released software and firmware updates to address many vulnerabilities found in the company’s products.

The chipmaker last week released 22 security advisories, including seven that have an overall severity rating of “high.”

Intel has released software and firmware updates to address many vulnerabilities found in the company’s products.

The chipmaker last week released 22 security advisories, including seven that have an overall severity rating of “high.”

These advisories describe 18 high-severity vulnerabilities, most of which can be exploited for privilege escalation. Others can lead to information disclosure or a denial of service (DoS) condition. Exploitation of these flaws typically requires local access to the targeted device.

One advisory informs users that the BIOS firmware for some Intel processors is affected by 10 high-severity privilege escalation vulnerabilities.

Another advisory describes one serious security flaw that has been found in the Intel chipset firmware in Server Platform Services (SPS), Active Management Technology (AMT), and Power Management Controller (PMC).

High-severity issues have also been found in the Kernelflinger open source project, Intel Quartus Prime components, PROSet/Wireless WiFi and Killer WiFi products, and the AMT SDK, Setup and Configuration Software (SCS), and Management Engine BIOS eXtensions (MEBx).

The remaining advisories describe over a dozen medium- and low-severity vulnerabilities addressed by the company this month.

Some computer vendors, such as HPE, have also released advisories to inform their customers about some of the vulnerabilities affecting Intel hardware.

On one hand, considering that Intel software and firmware is widely deployed, these types of vulnerabilities could turn out to be useful to threat actors. On the other hand, CISA’s Known Exploited Vulnerabilities Catalog, which includes more than 370 flaws that have been exploited in attacks over the past decade, only mentions one Intel vulnerability (CVE-2017-5689).

Intel last year patched a total of 226 vulnerabilities in its products, and it has paid out an average of $800,000 per year through its bug bounty program since its launch in 2018. Two of the flaws patched in 2021 were rated “critical” and 52 were rated “high severity.”

Related: Intel CPU Vulnerability Can Expose Cryptographic Keys

Related: Intel Patches High-Severity Flaws in NUC 9 Extreme Laptops, Ethernet Linux Drivers

Related: Intel, VMware Join Patch Tuesday Parade

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.


GoAnywhere MFT users warned about a zero-day remote code injection exploit that can be targeted directly from the internet