Intel® Desktop Board Buffer Overflow Local Privilege Escalation

Summary:

Updated BIOS is available for Intel® Desktop Board products to correct a buffer overflow in the Bitmap processing code.

Description:

A buffer overflow in the Bitmap processing code for Intel® Desktop motherboards could potentially allow a local malicious attacker to perform a Denial Of Service or Privilege Escalation. Intel has released a BIOS update to mitigate this issue.

Affected products:

Intel® Desktop Board products:

DQ35JO, DQ35MP, DQ45CB, DQ45EK

Recommendations:

While Intel is not aware of any use of the vulnerabilities described in this advisory, Intel has made changes to the BIOS of Intel® Desktop Boards to mitigate this issue. It is highly recommended to apply these updates to affected motherboards.

To determine if you need this BIOS update check the BIOS version string. If the number is older than listed in the chart for your motherboard below you need to apply the update.

1. During boot, enter the BIOS setup by pressing F2.

2. Check the Main menu.

3. The 4-digit number after the ‘86A’ or ‘86I’ is the current BIOS version, as in this example: MQ96510H.86A.1663.2007.0319.1957

4. Press Escape to exit BIOS Setup

For the Intel products listed in the Affected Products table, Intel has made available updated BIOS per the table below. The updated BIOS is available at <http://www.intel.com/p/en_US/support&gt;. On the ‘Advanced Search’ line, enter the affected product name (for example DG33BU) and click Search Support. Click on the found product, make sure you’re under the support tab and select BIOS updates. Next click on the BIOS title, then follow the instructions on the download page for downloading and installing the BIOS update. Several options are available. For detailed instructions on updating your BIOS refer to <http://www.intel.com/support/motherboards/desktop/sb/CS-022312.htm&gt;.