CVE-2022-21166 Incomplete cleanup of some Intel Processors register write operations may allow local access.

CVE-2022-21166 Incomplete cleanup of some Intel Processors register write operations may allow local access.

Depending on the nature of the operation, an attacker may be able to view information in other processes via the IA32_PTR_VLE (user level exception) instruction. An attacker must have local access and be authenticated.

Intel has released ME version 9.5.4 to correct this issue. Please download and install the update.

CVE-2018-3620: Vinculum - a security feature of the Intel(R) vPro(R) technology, may allow an unprivileged user to potentially bypass information disclosure via local access.

Depending on how an authenticated user programs his/her system, an authenticated user may be able to potentially view information in other processes via the VINC (virtual channel) instruction. An attacker must have local access and be authenticated.

Intel has released ME version 9.5.4 to correct this issue. Please download and install the update.

CVE-2018-3621: A vulnerability in the vPro(R) component of the Intel(R) vPro(R) Technology for Windows(R) may allow an unprivileged user to potentially bypass user mode information disclosure via local access.

Depending on how an authenticated user programs his/her system, an authenticated user may be able to potentially view information in other processes via the VPRO (virtual production operator) instruction. An attacker must have local access and be authenticated.

Intel has released ME version 9.5.4

Intel(R) vPro(R) Technology - A New Intel(R) Security Feature

Intel(R) vPro(R) Technology is a new feature of the Intel(R) vPro(R) processor, designed to allow security administrators to remotely manage and secure PCs while they are in use, even if they are not physically close by.
Intel(R) vPro(R) Technology is a fully integrated security feature that offers remote management and security features for PCs. It includes the following components:
- Platform Security Controller (PSC)--the Intel(R) vPro(R) Hardware-Based Root of Trust
- Management Engine--a device controller and firmware that resides on the PC motherboard or in a PCI Express slot.
- Integrated Trusted Platform Module (iTPM)--a tamper resistant hardware module residing on the PC motherboard or in a PCI Express slot.
- Security Processor--a unique CPU that runs a proprietary operating system with an embedded OS and code integrity capabilities

Section III

.

3) How to Avoid Social Media Marketing Fails

Many small businesses have a difficult time marketing effectively on social media. There are many reasons for this, such as lack of time, skills, or expertise. One strategy that stands out is using pictures in your ad campaigns. People are more likely to click through when they see something visually appealing than if they see text only.

Intel-SA-00086: Intel(R) Management Engine Interface Privilege Escalation Vulnerability


Intel has released ME version 9.5.4 to correct this issue. Please download and install the update.

What to do if you are affected?

If your system has been updated with ME version 9.5.4, you do not need to take any action. If your system has not updated to ME version 9.5.4, please download and install the update by clicking on Update now found here:
https://downloadcenter.intel.com/download/26392
To determine if your system is susceptible to the described vulnerabilities, please visit:
https://csrc.nist.gov/groups/CCM-147/cves

How to check if you are running the latest version?

Download and install the Intel Security Integrated Management Engine (ISM) software to update your ME version.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe