Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00018
HistoryOct 05, 2009 - 12:00 a.m.

Intel® Desktop and Intel® Server Boards Privilege Escalation

2009-10-0500:00:00
Intel Security Center
www.intel.com
19
JSON

Summary:

Software running administrative (ring 0) privilege can under certain circumstances change code running in System Management Mode.

Description:

To mitigate reported privilege escalation issues, BIOS updates are available for specific Intel motherboards. These changes would help prevent a malicious user from modifying software that is run in System Management Mode (SMM). SMM is a privileged operating environment running outside of OS control. Malicious software running in this environment could therefore perform any number of operations. Administrative level privileges are required to exploit these issues.

Affected products:

Intel® Desktop Board products:

D5400XS, DX58SO, DX48BT2, DX38BT, DP45SG, DQ45CB, DQ45EK, DQ43AP, DB43LD, DG41MJ, DG41RQ, DG41TY, DG45ID, DG45FC, DG43NB, DP43TF, DQ35JO, DQ35MP, DG33BU, DG33FB, DG33TL, DG35EC, DP35DP, D945GSEJT, D945GCLF, D945GCLF2

Intel® Server Boards:

S3000 series, S3200 series S5000 series, S5400 series, S5500 series, and S7000 series server products.

Recommendations:

Recommendations:

While Intel is not aware of any use of the vulnerabilities described in this advisory, Intel has made changes to the BIOS firmware of select Intel Motherboards to mitigate these issues. It is highly recommended to apply these updates to affected motherboards. For the Intel products listed in the Affected Products table, Intel has made available updated BIOS firmware per the table below. The updated BIOS firmware is available at http://www.intel.com/products/motherboard/index.htm?iid=prod+prod_board. From this web page select “Downloads” near the top of the page. On the ‘Search Downloads’ line, enter the product name (for example DG33BU) and click search. Click on the found product, select your operating system and click ‘Go’. Next click on the BIOS title, then follow the instructions on the download page for downloading and installing the BIOS update. Several options are available. For detailed instructions on updating your Intel® Desktop BIOS refer to gttp://www.intel.com/support/motherboards/desktop/sb/CS-022312.htm. For Intel® Server Boards refer to the product release notes for your Intel® motherboard for detailed instructions.

How to tell if you need this update:

Intel® Desktop Motherboards:

  1. During boot, enter the BIOS setup by pressing F2.

  2. Check the Main menu.

  3. The 4-digit number after the ‘86A’ or ‘86I’ is the current BIOS version, as in this example: MQ96510H.86A.1663.2007.0319.1957 the BIOS version is 1663.

  4. If the version number shown is less than what’s listed in the table below you need to apply the latest BIOS.

  5. Press Escape to exit BIOS Setup

Intel® Server Motherboards:

  1. During boot, enter the BIOS setup by pressing F2.

  2. Check the Main menu.

  3. The 4-digit number prior to the date code is the current BIOS version, as in this example: S5500.86B.01.00.0037.05052009 the BIOS version is 0037.

  4. If the version number shown is less than what’s listed in the table below you need to apply the latest BIOS.

  5. Press Escape to exit BIOS Setup

JSON