-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0188
                 Intel Processor Diagnostic Tool Advisory
                               10 July 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Intel Processor Diagnostic Tool
Operating System:     Windows
Impact/Access:        Increased Privileges     -- Existing Account
                      Denial of Service        -- Existing Account
                      Access Confidential Data -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-11133  
Member content until: Friday, August  9 2019

OVERVIEW

        Intel has discovered a vulnerability in Intel(R) Processor Diagnostic
        Tool before version 4.1.2.24 .[1]


IMPACT

        Intel has provided the following information regarding the 
        vulnerability:
        
        "Vulnerability Details:
        
        CVEID: CVE-2019-11133
        
        Description: Improper access control in the Intel(R) Processor 
        Diagnostic Tool before version 4.1.2.24 may allow an authenticated 
        user to potentially enable escalation of privilege, information 
        disclosure or denial of service via local access.
        
        CVSS Base Score: 8.2 High
        
        CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" [1]


MITIGATION

        Intel recommends that users update to the latest version. [1]


REFERENCES

        [1] Intel Processor Diagnostic Tool Advisory
            https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00268.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXSU5CGaOgq3Tt24GAQiROBAAsDiYjTfEyHc6JWk2EhGCdCfb+ACumHYa
QCskK2IautEnZRpnlIndt4gIAN3v1+V2PHOvjs1fuywsozijVLnsMLHmip7rzlyj
pN1rKac5w0ksTWS7HEYHLPKnk3yqE74umlbQUjZCswjpcd0HEAQtWLIXvRv0KKLn
OYqBvIBFjd8aTBhPBE0YbJVjIE7/xy0RX1r96aDlkUjY4JgMDLLb/HalIJWTQ3Dz
XRlGxSijRSusW9CXiBO6mIJv9jqOGFWYsXtBqlW28qoDlu4pcBI3f2fJrJd/Fve2
8vkklU5r56JFBhMCSTp8Dw+Z9vjOe5zEwKfVwm+AjHm5GpTPbvgZkl+NWxgWyGWG
8HrlSPM1kUT+57m7YhdIwZAVUSxBJl0ClHksKtiTS2rB7DRk7iB6MR6Sm1EuDj0U
wur+FXpUGDqosVwn0wgiEvEq4dr2+VgSvsIOmRTE5w9eZp9dCQmZZkbJfxNc8n1M
cmJLvXu8x1v7WVKuUn/HuoKzGweUDnJbyf4VUC+ghPQJ+fLM5naI8WFj2pJwhTQI
2+N+Vs0ooaUjwqjF7YJVCm4t6TaRPtFx6Ju5JdNv5b5Sn20TciLI6JZsK9NZE4yM
QErkf+Y2Aff2E/GoQy5+wGnD46mTausfG5WjqiKZc+KVmqKBoyoyV/1mr/8qTfER
maRZEi9BnGc=
=HkzV
-----END PGP SIGNATURE-----