Intel issues advisories for 90 security vulnerabilities — includes critical level 10 for AI tools

News
By
published

An exciting Patch Tuesday for Intel.

Intel Core CPU
(Image credit: Intel)

In keeping with industry tradition, Intel released 41 security advisories, for over 90 vulnerabilities, yesterday on Patch Tuesday. The advisories covered flaws across Intel's world of products, primarily on the software side — including one maximum-level vulnerability in Intel Neural Compressor.

The "critical" severity vulnerability found in Neural Compressor received a CVSS score of 10.0, which is the maximum level of severity that can be awarded to a security risk. Intel's Neural Compressor is open to an escalation of privilege attack via remote access on all updates before the current release, which were rushed out for Patch Tuesday. Neural Compressor is not on most computers, but those with AI-engineering workflows should check their computers for the software. Neural Compressor is a tool for optimizing AI language models and decreasing size and increasing the speed of LLMs.

The remaining exploits have severity levels that range from medium to high. High-level exploits are found in the UEFI firmware of server products, Arc & Iris Xe Graphics software, and a random collection of Intel software products. The high-level flaws contain risks of privilege escalation attacks, DoS attacks, or information disclosure. 

Medium-severity vulnerabilities were found in Meteor Lake Core Ultra processors and a large range of Intel's software line, including the Processor Diagnostic Tool, Graphics Performance Analyzers, and the Extreme Tuning Utility. Users who are concerned can rest assured that security updates have been rolled out for all vulnerabilities — but any listed software should be double-checked to ensure it is running the latest update. For the full list of vulnerabilities released this Patch Tuesday, take a look at Intel's Security Center.

Patch Tuesday is an industry-wide tradition in which major software and hardware manufacturers release the month's security updates on the second Tuesday of each month. This Patch Tuesday was particularly busy for Intel, which typically enjoys a fairly tame Patch Tuesday. We haven't reported on an Intel security fix of such high severity since Downfall in 2023. 

Intel has been fighting for market dominance recently, as AMD continues its rise in market share as generations progress and AMD continues to beat Intel in performance.

Dallin Grimm
Dallin Grimm
Contributing Writer

Dallin Grimm is a contributing writer for Tom's Hardware. He has been building and breaking computers since 2017, serving as the resident youngster at Tom's. From APUs to RGB, Dallin has a handle on all the latest tech news. 

3 Comments Comment from the forums
  • Unolocogringo
    Go Intel :homer:
    Reply
  • rluker5
    "Users who are concerned can rest assured that security updates have been rolled out for all vulnerabilities"
    It's good that there are fixes for all of them. They sound like mostly software issues, some fixed a while ago.

    Like XTU was fixed no later than Oct-8-2023, Arc drivers no later than Dec-15-2023, Intel Proset wireless& bluetooth on Jan 10th - 2024, some old chipset installation utility fixed on April 10 - 2023, Intel graphics command was fixed before the Arc driver was.

    I'm going by when the fixed software was available for download by searching for it. It might have been available earlier than some site like Techspot posted the download, but probably not by too much.

    These are all that I could think might affect me, long fixed, maybe somebody is just doing some security reporting housekeeping.
    Reply
  • Pierce2623
    rluker5 said:
    "Users who are concerned can rest assured that security updates have been rolled out for all vulnerabilities"
    It's good that there are fixes for all of them. They sound like mostly software issues, some fixed a while ago.

    Like XTU was fixed no later than Oct-8-2023, Arc drivers no later than Dec-15-2023, Intel Proset wireless& bluetooth on Jan 10th - 2024, some old chipset installation utility fixed on April 10 - 2023, Intel graphics command was fixed before the Arc driver was.

    I'm going by when the fixed software was available for download by searching for it. It might have been available earlier than some site like Techspot posted the download, but probably not by too much.

    These are all that I could think might affect me, long fixed, maybe somebody is just doing some security reporting housekeeping.
    Intel releases this every month. Lots of companies do a rollout on patch Tuesday.
    Reply