14 August 2019
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2019.0241 Intel Driver & Support Assistant Advisory 14 August 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Intel Driver & Support Assistant Operating System: Windows Impact/Access: Increased Privileges -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2019-11146 CVE-2019-11145 Member content until: Friday, September 13 2019 OVERVIEW Intel has discovered a potential security vulnerability in Intel Driver & Support Assistant.  IMPACT Intel has provided the following information regarding the vulnerability: "Summary: A potential security vulnerability in Intel Driver & Support Assistant may allow escalation of privilege, denial of service or information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2019-11145 Description: Improper directory permissions for Intel Driver & Support Assistant before 188.8.131.52 may allow an authenticated user to potentially enable escalation of privilege via local access. CVSS Base Score: 6.7 Medium CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVEID: CVE-2019-11146 Description: Improper file verification in Intel Driver & Support Assistant before 184.108.40.206 may allow an authenticated user to potentially enable escalation of privilege via local access. CVSS Base Score: 6.7 Medium CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"  MITIGATION Intel recommends that users of Intel Driver & Support Assistant update to 220.127.116.11 or later.  REFERENCES  Intel Driver & Support Assistant Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00276.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: firstname.lastname@example.org Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXVOIn2aOgq3Tt24GAQjWpg/6AiRoAkcI3k2zdS7ZmPHvz6Jz1d7bB6JG SmO42oOXDTDzd2ogf2P73vWLKXy0OZuWp2GWI6aIVFS2wzlBWJ4e7j3qx+xzBgiF 0wpBYhYVhObho/QcpwuldNgAix9kn0eCi6r69YkczWEEVZKZbP2tP+ed69WGnf4w w97V2qBQ/zTMucF2MnVUUP1NhpjUzt7w2MW/SNAf3yF7XoTPYSyDl7btEnzuoaeE NkwesEYCnTEoBx2yZhX29xA+Ip5sOH3GcI72o0BGk8B6RTOBEQhjQqduKJ/mXVti psqJDT6cLVhrvOcThmumGnXIGjGBHiwR+UVGeDf2AfQXKDz62Bgz/pRQQ4Jjz4Wi j+Tr2fzwdrn/swRL++k80qkj0WgXAzTbU81Q28AyV9O0cBbhKssl8AI6s010nDmG iCMyAObOLXsHZO3IcppXi8V5QhivreLC2tREFPlVI4sWHAdZBE/GoVAzVdattSHp E9ALFvb7pkQh5hmoIafjOYCsGUbEXLe0rehT+IbJB4wVm6hz8KP7rJ6J7IqJDPrZ U6tmfFBZ3IFSPO1NcyhPkrmoZ/5ziOETsRPi0A5N7BGzykexe5y9++eo92rjvsl+ VvkNuwEB2KkXu3x4sp730o+1PLZWZ02L8SPoNdMuVEzqk9zJfvy8JxhxI9QHLpwS XhzWnmWhEZE= =HRuY -----END PGP SIGNATURE-----