Intel releases security updates to fix critical vulnerabilities in PMx driver

The bugs were discovered by firmware security vendor Eclypsium in August

Intel has released a security update to fix critical vulnerabilities in its PMx driver, which could enable attackers to gain near-total control over targeted Windows systems.

These vulnerabilities were discovered by firmware security vendor Eclypsium in August, as part of a project that aimed to review the general state of Windows kernel driver security.

At that time, the researchers disclosed nearly 40 bugs in kernel drivers from 17 hardware vendors, but refrained from releasing details about three vulnerabilities in Intel's drivers.

Intel released fixes for two issues impacting Intel Computing Improvement Programme and Intel Processor Identification Utility in the same month. However, the third vulnerability, which affected the 32- and 64-bit versions the PMx Driver (PMxDrv) and was somewhat more complex, took nearly three months to be fully fixed.

Intel's PMxDrv drivers are used in the chipmaker's detection tools to uncover other vulnerabilities. They are also used to update Intel-based BIOS firmware, which is loaded ahead of the Windows OS.

The researchers found that the PMx driver was extremely capable and enjoyed read/write access to various parts of the system hardware, including processor registers, physical memory, peripheral component interconnect bus, global descriptor table and interrupt descriptor table.

"This level of access can provide an attacker with near-omnipotent control over a victim device," Eclypsium researchers wrote in a blog post.

Intel has advised administrators and users to install patched versions of the drivers as earliest as possible as the capabilities of unpatched drivers can potentially be abused by attackers to reach deep into the kernel.

Intel has also updated its firmware for the Baseboard Management Controller (BMC), which is used for monitoring of computers and servers via separate channels.

The latest version fixes 14 vulnerabilities in multiple server and compute node products, many of which could allow attackers to launch denial of service attacks or disclose confidential information stored on the target system.

One critical vulnerability, which is indexed as CVE-2019-11171, could be exploited to cause heap corruption in the BMC firmware.

Eclypsium said its research into vulnerable drivers is ongoing, and that it is currently "working with additional vendors as part of our responsible disclosure process."

"Users and organisations should consider enabling Hypervisor-protected Code Integrity (HVCI) for devices that support the feature," it added.

"We will continue to analyse this important area and provide updates in coordination with affected vendors."