Intel’s January
2020 security update included six items with one rated high, four medium and one
as a low priority.

The most
important vulnerability is CVE-2019-14613 affecting Intel’s VTune Amplifier for
Windows and if left unpatched and exploited can allow escalation of privilege.
An update fixing the problem has been posted.

The medium CVE-2019-14615
affects a large number of Intel processors. The basic problem is insufficient
control flow in certain data structures for some processors with processor graphics
that can lead to information disclosure via local access. The update fixing the
issue has been made available.

CVE-2019-14600,
also rated medium, is an uncontrolled search path element that affects Intel
SNMP Subagent Stand-Alone Advisory for Windows. If exploited it could allow an
attacker to escalate privileges via local access.

Intel does
not have a patch for this problem but considers it dangerous enough that the
company is recommending those using SNMP Subagent Stand-Alone Advisory for
Windows discontinue use and uninstall the product as the company is pulling it
from the market.

The third medium
vulnerability is CVE-2019-14601 for Itel’s RWC 3 for Windows before version
7.010.009.000. The problem may allow an authenticated user to potentially
enable escalation of privilege via local access. A patch is available.

The final
medium issue is CVE-2019-14596, which is improper access control in the
installer for Intel Chipset Device Software INF Utility before version 10.1.18
possibly leading to a denial of service issue.

The final,
low-rate problem CVE-2019-14629, lies within Intel DAAL version 2020 Gold and
earlier and if left unpatched and exploited may allow an authenticated user to
potentially enable information disclosure. An update to DAAL is available.