LASER_oneXM

Level 33
Verified
Overall, the chip giant patched five vulnerabilities across an array of its products.

Intel on Tuesday patched three high-severity vulnerabilities that could allow the escalation of privileges across an array of products. Overall, the chip giant fixed five bugs – three rated high-severity, and two medium-severity.

The most concerning of these bugs is an escalation-of-privilege glitch in Intel’s PROset/Wireless Wi-Fi software, which is its wireless connection management tool. The vulnerability, CVE-2018-12177, has a “high” CVSS score of 7.8, according to Intel’s update.

“Intel is releasing software updates to mitigate this potential vulnerability,” it said, urging users to update to version 20.90.0.7 or later of the software.
The vulnerability, reported by Thomas Hibbert of Insomnia Security, stems from improper directory permissions plaguing the software’s ZeroConfig service in versions before 20.90.0.7.

The issue could allow an authorized user to potentially enable escalation of privilege via local access.