In keeping with industry tradition, Intel released 41 security advisories, for over 90 vulnerabilities, yesterday on Patch Tuesday. The advisories covered flaws across Intel's world of products, primarily on the software side — including one maximum-level vulnerability in Intel Neural Compressor.
The "critical" severity vulnerability found in Neural Compressor received a CVSS score of 10.0, which is the maximum level of severity that can be awarded to a security risk. Intel's Neural Compressor is open to an escalation of privilege attack via remote access on all updates before the current release, which were rushed out for Patch Tuesday. Neural Compressor is not on most computers, but those with AI-engineering workflows should check their computers for the software. Neural Compressor is a tool for optimizing AI language models and decreasing size and increasing the speed of LLMs.
The remaining exploits have severity levels that range from medium to high. High-level exploits are found in the UEFI firmware of server products, Arc & Iris Xe Graphics software, and a random collection of Intel software products. The high-level flaws contain risks of privilege escalation attacks, DoS attacks, or information disclosure.
Medium-severity vulnerabilities were found in Meteor Lake Core Ultra processors and a large range of Intel's software line, including the Processor Diagnostic Tool, Graphics Performance Analyzers, and the Extreme Tuning Utility. Users who are concerned can rest assured that security updates have been rolled out for all vulnerabilities — but any listed software should be double-checked to ensure it is running the latest update. For the full list of vulnerabilities released this Patch Tuesday, take a look at Intel's Security Center.
Patch Tuesday is an industry-wide tradition in which major software and hardware manufacturers release the month's security updates on the second Tuesday of each month. This Patch Tuesday was particularly busy for Intel, which typically enjoys a fairly tame Patch Tuesday. We haven't reported on an Intel security fix of such high severity since Downfall in 2023.
Intel has been fighting for market dominance recently, as AMD continues its rise in market share as generations progress and AMD continues to beat Intel in performance.