Islamabad, Sep 25: The Pakistan Telecommunication Authority (PTA) has released a Cyber Security Advisory regarding multiple vulnerabilities found in Intel products.
A variety of Intel devices and software are impacted by these vulnerabilities, including the Intel Server Products UEFI Firmware, Intel GPA Software, Intel GPA Framework Software, and Intel Server Board Onboard Video Driver Software.
The advisory alerts users to the possibility that locally authenticated attackers may use the vulnerabilities to launch a denial of service (DoS) attack or obtain elevated privileges. According to the advisory, the root causes are a number of technical errors, including improper input validation, uncontrolled search paths, and incorrect default permissions.
These vulnerabilities have a high potential for local privilege escalation and are classified as a substantial threat. Common Vulnerabilities and Exposures (CVE) identifiers have been assigned to the vulnerabilities, including CVE-2023-24460, CVE-2024-21788, and CVE-2023-41961, among others.
PTA has suggested a number of preventative steps to reduce the risks connected to these vulnerabilities. Among these, it has recommended that enterprises have users operate with the minimum privileges necessary for their job functions, in order to minimize harm in the event of an account compromise.
It is recommended that comprehensive monitoring systems be put in place to identify any anomalous activity that would indicate the exploitation of these vulnerabilities. The advisory also suggests using multi-factor authentication (MFA) and stresses restricting physical and network access to impacted Intel equipment to trusted workers.
The alert also suggests performing frequent vulnerability assessments and security audits to find vulnerabilities that could be exploited. Additionally, PTA emphasized the value of user education, especially with regard to the risks associated with privilege escalation attacks. Users are advised not to reuse passwords and to watch out for phishing attempts, since they may serve as a conduit for these kinds of attacks.
In response to the vulnerabilities, PTA has recommended the installation of Host Intrusion Detection Systems (HIDS) to guard against unauthorized changes to important files and folders. This would give early alerts in the event that someone attempted to exploit the vulnerabilities. To allow the authority to take further action, any incidents or suspicious activity should be reported to PTA by email and through its CERT Portal.