Intel has warned of a serious security vulnerability in its Processor Diagnostic Tool software which allows for privilege escalation, denial of service (DoS), and information disclosure attacks.

Designed exclusively for Windows systems running on Intel hardware, the Intel Processor Diagnostic Tool does exactly what it says on the tin: It verifies that the system processor is a genuine part and functioning correctly, testing out specific features as well as performing a more general stress test. At the end of the run, a simple message is displayed: PASS for those systems which are operating as expected, and FAIL for any abnormal results. The tool is popular with system builders, resellers, and traders in second-hand goods, though isn't usually the first choice for an end-user looking to validate the stability of their system.

Which is just as well, really, as Intel has warned of a serious security vulnerability in the utility. Improper access control systems within the software, the company has warned, allow for a range of attacks to be carried out: Escalation of privilege, where an otherwise unprivileged compromised account can gain administrative privileges over the system; denial of service (DoS) attacks, where the system can be brought to a standstill; and information disclosure, the most severe of all flaws in which an attacker can use the vulnerability to obtain access to otherwise private data.

Discovered by Eclypsium researcher Jesse Michael, the vulnerability has been resolved in Intel Processor Diagnostic Tool in both 32-bit and 64-bit releases. Those who run the software are advised to upgrade as soon as possible, using the downloads on the Intel website. More information is available from Intel's official security advisory.

At the same time, Intel has published a second security advisory for a flaw in the firmware of its Intel SSD DC S4500 and S4600 solid-state drive families, allowing for privilege escalation attacks. An update is, again, available now.

Discuss this in the forums
Mod of the Month November 2020 in Association with Corsair

December 11 2020 | 17:30