IPDT on Windows 32-bit and 54-bit versions has a flaw that causes “improper access control”. While a bad actor would need local access to a machine, they could escalate privileges and cause a denial of service. “A potential security vulnerability in the Intel® Processor Diagnostic Tool may allow escalation of privilege, denial of service, or information disclosure. Intel is releasing software updates to mitigate this potential vulnerability.” If you’re unfamiliar with the tool, it is used on Windows machines to verify the functionality of Intel CPUs and perform diagnostic checks. Despite being a local access vulnerability, Intel has rated the severity as high and given it a CVSS version 3 rating of 8.2. That’s because the chip giant says with local access, the bug is easy to exploit and create and attack from. A fix for Intel Processor Diagnostic Tool is available, bumping the service to version 4.1.2.34. This patch is available to users on Windows 10, Windows 8.1, Windows 7, and Windows Server 2008 R2, which incidentally is ending support this week.
Second Problem
Intel has also confirmed there is another flaw to be wary of. While not as dangerous as the IPDT problem, a medium-severity vulnerability is causing issues in the firmware for Intel’s SSD DC S4500 Series and SSD DC S4600 Series. “Improper authentication in firmware for Intel(R) SSD DC S4500 Series and Intel(R) SSD DC S4600 Series before SCV10150 may allow an unprivileged user to potentially enable escalation of privilege via physical access,” Intel says.