Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2019.0241
Intel Driver & Support Assistant Advisory
14 August 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Intel Driver & Support Assistant
Operating System: Windows
Impact/Access: Increased Privileges -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2019-11146 CVE-2019-11145
Member content until: Friday, September 13 2019
OVERVIEW
Intel has discovered a potential security vulnerability in Intel Driver
& Support Assistant. [1]
IMPACT
Intel has provided the following information regarding the
vulnerability:
"Summary:
A potential security vulnerability in Intel Driver & Support Assistant may
allow escalation of privilege, denial of service or information disclosure.
Intel is releasing software updates to mitigate this potential vulnerability.
Vulnerability Details:
CVEID: CVE-2019-11145
Description: Improper directory permissions for Intel Driver & Support
Assistant before 19.7.30.2 may allow an authenticated user to
potentially enable escalation of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVEID: CVE-2019-11146
Description: Improper file verification in Intel Driver & Support
Assistant before 19.7.30.2 may allow an authenticated user to
potentially enable escalation of privilege via local access.
CVSS Base Score: 6.7 Medium
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" [1]
MITIGATION
Intel recommends that users of Intel Driver & Support Assistant
update to 19.7.30.2 or later. [1]
REFERENCES
[1] Intel Driver & Support Assistant Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00276.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXVOIn2aOgq3Tt24GAQjWpg/6AiRoAkcI3k2zdS7ZmPHvz6Jz1d7bB6JG
SmO42oOXDTDzd2ogf2P73vWLKXy0OZuWp2GWI6aIVFS2wzlBWJ4e7j3qx+xzBgiF
0wpBYhYVhObho/QcpwuldNgAix9kn0eCi6r69YkczWEEVZKZbP2tP+ed69WGnf4w
w97V2qBQ/zTMucF2MnVUUP1NhpjUzt7w2MW/SNAf3yF7XoTPYSyDl7btEnzuoaeE
NkwesEYCnTEoBx2yZhX29xA+Ip5sOH3GcI72o0BGk8B6RTOBEQhjQqduKJ/mXVti
psqJDT6cLVhrvOcThmumGnXIGjGBHiwR+UVGeDf2AfQXKDz62Bgz/pRQQ4Jjz4Wi
j+Tr2fzwdrn/swRL++k80qkj0WgXAzTbU81Q28AyV9O0cBbhKssl8AI6s010nDmG
iCMyAObOLXsHZO3IcppXi8V5QhivreLC2tREFPlVI4sWHAdZBE/GoVAzVdattSHp
E9ALFvb7pkQh5hmoIafjOYCsGUbEXLe0rehT+IbJB4wVm6hz8KP7rJ6J7IqJDPrZ
U6tmfFBZ3IFSPO1NcyhPkrmoZ/5ziOETsRPi0A5N7BGzykexe5y9++eo92rjvsl+
VvkNuwEB2KkXu3x4sp730o+1PLZWZ02L8SPoNdMuVEzqk9zJfvy8JxhxI9QHLpwS
XhzWnmWhEZE=
=HRuY
-----END PGP SIGNATURE-----