CVE-2018-3667

Installation tool IPDT Intel Processor Diagnostic Tool 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation...

CVE-2018-3668

Unquoted service paths in Intel Processor Diagnostic Tool IPDT before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code...

Code injection

Unquoted service paths in Intel Processor Diagnostic Tool IPDT before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code...

CVE-2018-3667

CVE-2018-3667 affects Intel IPDT (Intel Processor Diagnostic Tool) version 4.1.0.24, where the installation tool incorrectly sets permissions on installed files. This misconfiguration can enable execution of arbitrary code and elevate privileges on the host. Public sources in the provided set des...

CVE-2018-3668

Unquoted service paths in Intel Processor Diagnostic Tool IPDT before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code...

CVE-2018-3668

CVE-2018-3668 concerns Intel’s Processor Diagnostic Tool (IPDT). Connected sources confirm an elevation of privilege via an unquoted service path in IPDT before version 4.1.0.27, allowing a local attacker to potentially execute arbitrary code. Affected software: IPDT prior to 4.1.0.27 (Windows en...

Intel Processor Diagnostic Tool (IPDT) Privilege Escalation Vulnerability

Intel Processor Diagnostic Tool IPDT versions prior to 4.1.0.27 suffer from three code execution and privilege escalation vulnerabilities. Hi @ll, the executable installers of Intel's Processor Diagnostic Tool IPDT before v4.1.0.27 have three vulnerabilities^Wbeginner's errors which all allow...

powerpc and Intel i386 GNU C Library Integer Overflow Vulnerability

The powerpc is a compact instruction set architecture CPU central processing unit.The Intel i386 is an x86 series CPU central processing unit from Intel Corporation.The GNU C Library aka glibc, libc6 is one of the open source, freeware C language compilers released under the LGPL license. An...

microcode_ctl security update

CentOS Errata and Security Advisory CESA-2018:0093 The microcodectl packages provide microcode updates for Intel and AMD processors. This update supersedes microcode provided by Red Hat with the CVE-2017-5715 “Spectre” CPU branch injection vulnerability mitigation. Historically, Red Hat has...

Oracle Critical Patch Update - January 2018

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories...

(RHSA-2018:0040) Important: microcode_ctl security update

The microcodectl packages provide microcode updates for Intel and AMD processors. Security Fixes: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary...

Important kernel update: CVE-2017-8824 and other; Virtuozzo ReadyKernel patch 39.1 for Virtuozzo 7.0.6

The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo kernel 3.10.0-693.1.1.vz7.37.30 Virtuozzo 7.0.6. Vulnerability id: CVE-2017-8824 dccpdisconnect set the socket state to DCCPCLOSED but did not properly free some of the resourc...

Intel Confirms Its Much-Loathed ME Feature Has A Kill Switch

Researchers at Positive Technologies forced Intel’s hand at revealing that a previously undocumented kill switch exists for its oft-criticized Intel Management Engine, a remote management component of Intel CPUs. Initially, Positive Technologies set out to disable the feature that some security...

The Intel processor is now a security vulnerability: it can be used by hackers as a backdoor-a vulnerability warning-the black bar safety net

Recently, in Moscow security research Positive Technologies report notes that the Intel Management Engine 11 There is the death of button, can be used by hackers to steal. Management Engine Management Engine is Intel a Firmware Interface for processors and peripheral chip for communication, therm...

New GhostHook Attack Bypasses Windows 10 PatchGuard Protections

Vulnerabilities discovered in Microsoft PatchGuard kernel protection could allow hackers to plant rootkits on computers running the company's latest and secure operating system, Windows 10. Researchers at CyberArk Labs have developed a new attack technique which could allow hackers to completely...

USN-3186-1: iucode-tool vulnerability

It was discovered that iucode-tool incorrectly handled certain microcodes when using the -tr loader. If a user were tricked into processing a specially crafted microcode, a remote attacker could use this issue to cause iucode-tool to crash, resulting in a denial of service, or possibly execute...

Microsoft Windows Kernel - win32k.sys NtSetWindowLongPtr Local Privilege Escalation (MS16-135) (1)

Microsoft Windows Kernel - win32k.sys NtSetWindowLongPtr Local Privilege Escalation MS16-135 1 Complete Proof of Concept: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/40823.zip Presentation:...

Microsoft Windows Kernel - 'win32k.sys NtSetWindowLongPtr' Local Privilege Escalation (MS16-135) (1)

Complete Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40823.zip Presentation: https://www.exploit-db.com/docs/english/40822-i-know-where-your-page-lives---de-randomizing-the-latest-windows-10-kernel.pdf I Know Where Your Page Lives:...

Microsoft Windows Kernel win32k.sys - 'NtSetWindowLongPtr' Privilege Escalation (MS16-13

Exploit for windows platform in category local exploits Complete Proof of Concept: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/40823.zip I Know Where Your Page Lives: Derandomizing the latest Windows 10 Kernel - ZeroNights 2016 Requirements Intel Processo...

Google to Launch 'Andromeda OS' — An Android-Chrome OS Hybrid

Google's long-rumored Android-Chrome hybrid operating system is expected to debut at the company's upcoming hardware event on October 4. The company has been working to merge the two OSes for roughly 3 years with a release planned for 2017, but an "early version" to show things off to the world i...