SB2020111209 - Multiple vulnerabilities in Intel Thunderbolt DCH Drivers for Windows
Published: November 12, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2020-12325)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Protection Mechanism Failure (CVE-ID: CVE-2020-12324)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures. A local user can bypass implemented security restrictions and elevate privileges on the system.
3) Protection Mechanism Failure (CVE-ID: CVE-2020-12328)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures. A local administrator can bypass implemented security restrictions and gain access to sensitive information.
4) Insecure Default Variable Initialization (CVE-ID: CVE-2020-12327)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to insecure default variable initialization. A local administrator can gain unauthorized access to sensitive information on the system.
5) Improper Initialization (CVE-ID: CVE-2020-12326)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper initialization. A local user can run a specially crafted application to enable information disclosure
Remediation
Install update from vendor's website.