Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Detected a serious BIOS vulnerability, affecting many Intel processors
Intel has discovered two critical vulnerabilities affecting many of its processor product lines. Hackers can exploit these vulnerabilities to gain higher privileges on the victim's device.
Initially, the two vulnerabilities were discovered by SentinelOne and assigned the tracking codes CVE-2021-0157 and CVE-2021-0158. Both were rated as hazardous with a CVSS score of 8.2.
The first vulnerability is related to insufficient control flow management in the BIOS firmware with some Intel processors. Meanwhile, the second vulnerability relies on incorrect input validation on the same component.
Although it can lead to privilege escalation attacks, hackers can only exploit these vulnerabilities when they have direct access to the vulnerable system.
According to Intel, the list of affected products includes:
- Intel® Xeon® Processor E Family
- Intel® Xeon® Processor E3 v6 Family
- Intel® Xeon® Processor W Family 3rd Generation
- Intel® Xeon® Scalable Processors 11th Generation
- Intel® Core™ Processors 10th Generation
- Intel® Core™ Processors 7th Generation Intel® Core™ Processors
- Intel® Core™ X-series Processors
- Intel® Celeron® Processor N Series
- Intel® Pentium® Silver Processor Series
Intel has not yet shared details about the newly discovered vulnerabilities. However, the company recommends that users patch the vulnerabilities soon by updating the BIOS to the latest version.
With new motherboards users will easily find BIOS updates. However, for motherboards that are 5 years old or more, it is unlikely that an update will be available to patch the newly discovered vulnerabilities.
If this is the case, set a strong BIOS password to prevent bad guys from accessing and exploiting vulnerabilities.
In addition, Intel has also issued a separate security advisory for the third vulnerability, CVE-2021-0146. This is also a critical vulnerability with a CVSS score of 7.2.
CVE-2021-0146 also allows an attacker to perform privilege escalation if they have direct access to the victim's system. Hackers can exploit CVE-2021-0146 to attack computers, laptops and even cars using Intel chips like Tesla Model 3.
Intel has now rolled out the patch for CVE-2021-0146, and users will receive it through device manufacturers.
Kareem WintersYou should read it
- AMD CPUs also have security vulnerabilities that have existed for many years now!
- Specter V2 vulnerability re-appears to attack Intel, Arm CPUs, AMD chips are not affected
- Instructions for entering BIOS on different computers
- Found an 'unpatchable' flaw in Intel CPUs
- Detecting an 8-year-old security flaw, affecting 150 HP printer models
- What to do to protect the device from ZombieLoad attack?
- 5 tips for using the BIOS to help you master your computer
- Why Intel killed the BIOS, switched to UEFI?
May be interested
- 5 tips for using the BIOS to help you master your computer
most computer users often don't care much about the bios. however, when the problem occurs, you need to tweak a setting and don't know how. you will wonder what the bios is? really need to know about it? - Detected a serious zero-day vulnerability in Microsoft Office, click the document file and it will stickthe newly discovered vulnerability is called follina and currently there is no official patch from microsoft.
- Instructions for entering BIOS on different computersbios (short for basic input / output system - basic input / output system) is the place that contains many groups of commands stored on the motherboard's firmware chip to control basic features of the computer.
- The new vulnerability on Intel allows hackers to take control of your computer within 30 secondswhile intel's meltdown and specter vulnerabilities have not been completely overcome, the world faces a new security vulnerability that allows hackers to take complete control of the user's device and attack time within 30 seconds.
- Found an 'unpatchable' flaw in Intel CPUsinternational security researchers have identified a critical flaw that exists in intel cpus.
- Intel Lunar Lake processors will be available in the third quarter of 2024after the success of intel core ultra processors, the company has finally revealed the launch date of its lunar lake ai processor line.
- Another serious memory leak discovered in Intel chipscomputer scientists at eth zurich university (switzerland) have just discovered a serious vulnerability in intel processors, allowing hackers to steal sensitive data by exploiting the chip's speculative execution mechanism.
- Lenovo updates BIOS to patch security holes for hundreds of device modelschinese computer maker lenovo has just released a security advisory to warn of several high-severity bios vulnerabilities.
- Detected a security flaw in Lenovo's UEFI firmware, affecting 100 laptop modelsusers who are using affected laptop models should update to the latest firmware to be on the safe side.
- Concept of UEFI standard in computersuefi (unified extensible firmware interface) was developed by intel to address the weaknesses of the bios as well as replace the old and aging bios standard. of course it will be much more powerful than the bios and is really useful for things like overclocking.
Security solution
- Mysterious malware threatens millions of routers and IoT devices
- App Installer on Windows 10 was used to install BazarLoarder malware
- AMD patched a series of security holes in the graphics driver for Windows 10
- How to use the Microsoft Authenticator app
- How Can Zero-Trust Security Prevent Ransomware Attacks?
- Microsoft urges Admin to patch PowerShell vulnerability on Windows
Mysterious malware threatens millions of routers and IoT devices
App Installer on Windows 10 was used to install BazarLoarder malware
AMD patched a series of security holes in the graphics driver for Windows 10
How to use the Microsoft Authenticator app
How Can Zero-Trust Security Prevent Ransomware Attacks?
Microsoft urges Admin to patch PowerShell vulnerability on Windows