Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2019.0188
Intel Processor Diagnostic Tool Advisory
10 July 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Intel Processor Diagnostic Tool
Operating System: Windows
Impact/Access: Increased Privileges -- Existing Account
Denial of Service -- Existing Account
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2019-11133
Member content until: Friday, August 9 2019
OVERVIEW
Intel has discovered a vulnerability in Intel(R) Processor Diagnostic
Tool before version 4.1.2.24 .[1]
IMPACT
Intel has provided the following information regarding the
vulnerability:
"Vulnerability Details:
CVEID: CVE-2019-11133
Description: Improper access control in the Intel(R) Processor
Diagnostic Tool before version 4.1.2.24 may allow an authenticated
user to potentially enable escalation of privilege, information
disclosure or denial of service via local access.
CVSS Base Score: 8.2 High
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" [1]
MITIGATION
Intel recommends that users update to the latest version. [1]
REFERENCES
[1] Intel Processor Diagnostic Tool Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00268.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXSU5CGaOgq3Tt24GAQiROBAAsDiYjTfEyHc6JWk2EhGCdCfb+ACumHYa
QCskK2IautEnZRpnlIndt4gIAN3v1+V2PHOvjs1fuywsozijVLnsMLHmip7rzlyj
pN1rKac5w0ksTWS7HEYHLPKnk3yqE74umlbQUjZCswjpcd0HEAQtWLIXvRv0KKLn
OYqBvIBFjd8aTBhPBE0YbJVjIE7/xy0RX1r96aDlkUjY4JgMDLLb/HalIJWTQ3Dz
XRlGxSijRSusW9CXiBO6mIJv9jqOGFWYsXtBqlW28qoDlu4pcBI3f2fJrJd/Fve2
8vkklU5r56JFBhMCSTp8Dw+Z9vjOe5zEwKfVwm+AjHm5GpTPbvgZkl+NWxgWyGWG
8HrlSPM1kUT+57m7YhdIwZAVUSxBJl0ClHksKtiTS2rB7DRk7iB6MR6Sm1EuDj0U
wur+FXpUGDqosVwn0wgiEvEq4dr2+VgSvsIOmRTE5w9eZp9dCQmZZkbJfxNc8n1M
cmJLvXu8x1v7WVKuUn/HuoKzGweUDnJbyf4VUC+ghPQJ+fLM5naI8WFj2pJwhTQI
2+N+Vs0ooaUjwqjF7YJVCm4t6TaRPtFx6Ju5JdNv5b5Sn20TciLI6JZsK9NZE4yM
QErkf+Y2Aff2E/GoQy5+wGnD46mTausfG5WjqiKZc+KVmqKBoyoyV/1mr/8qTfER
maRZEi9BnGc=
=HkzV
-----END PGP SIGNATURE-----