[TIMESTAMP: 2026-05-13 09:09 UTC] [AUTHOR: Runtime Rebel Intel] [SEVERITY: HIGH]

Intel and AMD Patch 70 Vulnerabilities in Feb 2024 Update

AI-Assisted Analysis
// executive briefing tl;dr
  • [01] February updates address 70 vulnerabilities in Intel and AMD products that could lead to unauthorized privilege escalation or data exposure.
  • [02] Affected systems include various Intel processors, OneMono software, and AMD platforms using SEV-SNP or SPI controller firmware.
  • [03] Defenders must prioritize BIOS and firmware updates provided by OEMs and apply Intel software patches to mitigate potential exploitation.

Overview of February 2024 Chipmaker Security Advisories

In a coordinated security effort, industry giants Intel and AMD have released a substantial set of patches addressing a combined 70 vulnerabilities across their hardware and software ecosystems. According to SecurityWeek, these updates arrive as part of the February 2024 Patch Tuesday cycle, highlighting ongoing efforts to secure the silicon and firmware layers that underpin modern computing environments.

For SOC teams and system administrators, these disclosures cover a broad attack surface, from client-side processors to enterprise-grade server infrastructure. Hardware-level CVE entries often require physical or local access, but their impact on the integrity of the computing environment is profound, and exploitation often bypasses traditional software-based security controls like EDR.

Intel Software and Firmware Vulnerabilities

Intel’s contribution to this month’s updates includes 41 vulnerabilities spread across 23 security advisories. The most critical issue addressed is CVE-2024-21841, which carries a CVSS score of 8.8. This vulnerability exists within the Intel OneMono software and stems from improper access control. If exploited, it could allow an unauthenticated attacker to escalate privileges via network access. Organizations using Intel’s software development kits and platform-specific utilities should review their deployments and work out how to detect CVE-2024-21841 exploitation attempts, for example through anomalous network traffic or unauthorized permission changes.

Beyond the software-level flaws, Intel addressed multiple firmware issues affecting various processor families. These vulnerabilities typically carry RCE or information disclosure risks once an attacker has a foothold on the local system. Intel's February 2024 advisories emphasize that many of these flaws require authenticated access, but that makes them prime candidates for the later stages of a targeted APT campaign, where they can be used to solidify persistence or move laterally through a network.

AMD Platform and SEV-SNP Security Fixes

AMD disclosed 29 vulnerabilities across four major advisories, focusing heavily on its server-grade features and peripheral controllers. A significant portion of these fixes concerns the AMD SPI (Serial Peripheral Interface) controller, notably CVE-2023-31355. This flaw involves improper access control that could allow a local attacker to bypass existing security boundaries, potentially leading to unauthorized firmware modifications.

AMD SEV-SNP Privilege Escalation Mitigation

Another critical area of focus for AMD is the Secure Nested Paging (SEV-SNP) feature, which is foundational for confidential computing in cloud environments. Fixes for vulnerabilities such as CVE-2024-21976 address scenarios where a malicious or compromised hypervisor could interfere with guest VM operations. Applying the SEV-SNP privilege escalation mitigations through updated microcode is essential for cloud service providers and organizations running multi-tenant workloads. Left unaddressed, these flaws could allow a hypervisor to cause a denial of service or corrupt data within the protected guest environment.

Defender Recommendations and Strategic Mitigation

Hardware and firmware vulnerabilities present a unique challenge because they cannot be remediated through standard application patching. Instead, they require BIOS/UEFI updates provided by Original Equipment Manufacturers (OEMs) such as Dell, HP, and Lenovo.

Defenders should prioritize the following actions:

  • Audit Hardware Inventory: Identify systems using affected Intel and AMD processor families, particularly those in high-trust or multi-tenant roles.
  • Monitor OEM Channels: Establish a workflow to ingest BIOS and microcode updates as soon as they are validated by hardware vendors.
  • Verify Integrity: Utilize SIEM logs to monitor for unusual firmware update activities or unauthorized attempts to access the SPI controller.
  • Apply Software Patches: For Intel-specific software like OneMono, apply updates immediately to close network-accessible vectors.
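
The inventory audit from the first bullet can be scripted per host. The sketch below is an added example, not code from the article, Intel or AMD: it reads the CPU vendor, microcode revision and BIOS identity from Linux procfs/sysfs and sorts the host into a follow-up bucket. The review floor date and the bucket names are assumptions; the firmware date only orders the review queue and does not prove a fix is present.

```python
import datetime as dt
import re
from pathlib import Path

# Assumption: review floor. The page gives only "February 2024"; firmware
# built earlier is queued first, later firmware still needs OEM confirmation.
REVIEW_FLOOR = dt.date(2024, 2, 1)
IN_SCOPE = {"GenuineIntel": "Intel", "AuthenticAMD": "AMD"}

def _read(path):
    """Return stripped file contents, or None if the file is absent/unreadable."""
    try:
        return Path(path).read_text().strip()
    except OSError:
        return None

def read_host(root="/"):
    """Collect CPU vendor, microcode revision and BIOS identity from procfs/sysfs."""
    root = Path(root)
    cpuinfo = _read(root / "proc/cpuinfo") or ""

    def cpu(key):
        m = re.search(rf"^{re.escape(key)}\s*:\s*(.+)$", cpuinfo, re.M)
        return m.group(1).strip() if m else None

    dmi = root / "sys/class/dmi/id"
    return {
        "cpu_vendor": cpu("vendor_id"),
        "cpu_model": cpu("model name"),
        "microcode": cpu("microcode"),
        "bios_vendor": _read(dmi / "bios_vendor"),
        "bios_version": _read(dmi / "bios_version"),
        "bios_date": _read(dmi / "bios_date"),  # sysfs format: MM/DD/YYYY
    }

def triage(host, floor=REVIEW_FLOOR):
    """Map one inventory record to a follow-up bucket (hypothetical names)."""
    if host["cpu_vendor"] not in IN_SCOPE:
        return "out-of-scope"
    try:
        built = dt.datetime.strptime(host["bios_date"] or "", "%m/%d/%Y").date()
    except ValueError:
        return "unknown-firmware-date"
    return "review-firmware" if built < floor else "confirm-with-oem-notes"

if __name__ == "__main__":
    record = read_host()
    print(triage(record), record)
```

Hosts in `confirm-with-oem-notes` still have to be checked against the OEM's release notes for the relevant advisories; the recorded `bios_version` and `microcode` values are what that comparison needs.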

Given the complexity of silicon-level threats, maintaining a Zero Trust architecture and ensuring that hardware remains a verified component of the security stack is the only way to mitigate the long-term risks posed by these foundational vulnerabilities.
