The Pakistan Telecommunication Authority (PTA) has issued a Cyber Security Advisory concerning multiple vulnerabilities detected in Intel products.
These vulnerabilities affect a range of Intel software and hardware, including Intel GPA Software, Intel GPA Framework Software, Intel Server Products UEFI Firmware, and Intel Server Board Onboard Video Driver Software. The advisory warns that the vulnerabilities could be exploited by locally authenticated attackers to gain elevated privileges or initiate a denial of service (DoS) attack.
According to the advisory, the vulnerabilities arise from various technical flaws such as incorrect default permissions, uncontrolled search paths, and improper input validation. The threat classification for these vulnerabilities is significant, with a high potential for local privilege escalation. The vulnerabilities have been assigned Common Vulnerabilities and Exposures (CVEs), which include several entries like CVE-2023-24460, CVE-2024-21788, and CVE-2023-41961, among others.
PTA has recommended several precautionary measures to mitigate the potential risks associated with these vulnerabilities. Among these, it has advised organizations to ensure that users operate with the least privileges required for their job functions to limit damage in case of an account compromise. Comprehensive monitoring systems should be implemented to detect unusual activities that could signal the exploitation of these vulnerabilities. Additionally, the advisory emphasizes limiting both physical and network access to affected Intel products to trusted personnel, while recommending the use of multi-factor authentication (MFA).
Further recommendations from the advisory include conducting regular security audits and vulnerability assessments to identify weaknesses that could be exploited. PTA also stressed the importance of user education, particularly in relation to the dangers of privilege escalation attacks. Users are urged to avoid reusing passwords and to be vigilant against phishing attempts, which can be a vector for such attacks.
In response to the vulnerabilities, PTA has advised the deployment of Host Intrusion Detection Systems (HIDS) to monitor critical files and directories for unauthorized changes. This would provide early warnings in case of an exploitation attempt. Any incidents or suspicious activities should be reported to PTA via its CERT Portal and email, enabling the authority to take further action.
📢 For the latest Tech & Telecom news, videos and analysis join ProPakistani's WhatsApp Group now!
Follow ProPakistani on Google News & scroll through your favourite content faster!
Support independent journalism
If you want to join us in our mission to share independent, global journalism to the world, we’d love to have you on our side. If you can, please support us on a monthly basis. It takes less than a minute to set up, and you can rest assured that you’re making a big impact every single month in support of open, independent journalism. Thank you.
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00831.html
useless. taks action or stop barking.
Has PTA ever done anything useful. It should restore internet in full and take complete rest. This will be useful for the people as well as PTA.
People working in PTA have shit idea about technology.
Who is running PTA ? So sorry to say such alerts are out of his capacity!
Internet is too slow these days..focus on that Sharks
Why should a telecom authority (REGULATOR) is concerned about hardware and it’s allied software? Even they are concerned what action can they take?