Hey Checkyourlogs Fans,
On November 16th a CVE was issued for Intel Chipset Device Software Version prior to 10.1.19444.8378.
Microsoft Defender Endpoint is reporting on this as well and it is immediately advised to update your intel servers.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28388
If you are running Veeam Backup Targets on Windows you would treat this as any other Firmware Update.
If you are updating S2D Cluster (Storage Spaces Direct) also treat this as any other firmware or driver update.
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00870.html
Details from intel available above including a link to download the latest version.
Because of the wide impact it is advised they you include this update in your Patch Tuesday updates for December 2023 as it will require a reboot.
BIG NOTE –> The link above from Intel provides a link to the desktop version. You will need the Server Version
https://www.intel.com/content/www/us/en/download/19022/intel-server-chipset-driver-for-windows-for-intel-server-boards-and-systems-based-on-intel-62x-chipset.html
Thanks,
Dave