Intel Fixes Vulnerabilities In Windows, Linux Graphics Drivers

Intel addressed 57 security vulnerabilities during this month’s Patch Tuesday, including high severity ones impacting Intel Graphics Drivers.

40 of them were found internally by Intel, while the other 17 were externally reported, almost all through Intel’s Bug Bounty program.

The security bugs are detailed in the 19 security advisories published by Intel on its Product Security Center, with security and functional updates being delivered to users through the Intel Platform Update (IPU) process.

Intel includes a list of all impacted products and recommendations for vulnerable products at the end of each advisory.

The company also provides contact details for users and researchers who want to report other security issues or vulnerabilities found in Intel branded technology or products.

“While you may be able to retrieve these updates direct from Intel, we recommend that you check with your system manufacturer for updates specific to your system,” Intel’s Director of Communications Jerry Bryant said. “Find links to system manufacturer support sites here.”

Also Read: Limiting Location Data Exposure: 8 Best Practices

February 2021 Intel Platform Update highlights

“The bulk of advisories this month are software driver updates for graphics components and firmware/software updates for ethernet components,” Intel’s Director of Communications Jerry Bryant said.

The vulnerability with the highest severity rating (8.8/10) is tracked as CVE-2020-0544 and it enables authenticated attackers to escalate privileges via local access.

The bug behind it is an insufficient control flow management issue in the kernel mode driver for some Intel graphics drivers prior to version 15.36.39.5145.

Intel graphics driver vulnerabilities patched this month affect multiple Intel processor generations up to the 10th generation, codenamed Comet Lake, and impact several Windows and Linux driver versions.

On Tuesday, Apple also released security updates that fix two arbitrary code execution vulnerabilities in Intel graphics drivers.

Intel microcode updates for Windows

Microsoft has also released Intel microcode updates for Windows 10 20H2, 2004, 1909, and older versions to fix issues impacting current and previously released Windows 10 versions.

These microcode updates are offered to affected devices via Windows Update but they can also be manually downloaded directly from the Microsoft Catalog using these links:

• KB4589212: Intel microcode updates for Windows 10, version 2004 and 20H2, and Windows Server, version 2004 and 20H2
   • KB4589211: Intel microcode updates for Windows 10, version 1903 and 1909, and Windows Server, version 1903 and 1909
   • KB4589208: Intel microcode updates for Windows 10, version 1809 and Windows Server 2019
   • KB4589206: Intel microcode updates for Windows 10, version 1803
   • KB4589210: Intel microcode updates for Windows 10, version 1607 and Windows Server 2016
   • KB4589198: Intel microcode updates for Windows 10, version 1507

Also Read: 10 Practical Benefits of Managed IT Services

However, it is important to mention that similar updates are known to have caused system hangs and performance issues on older CPUs in the past due to the way the issues were mitigated.