Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2019.0350 Intel SCS Platform Discovery UtilityAdvisory vulnerabilities 12 December 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Intel SCS Platform Discovery UtilityAdvisory Operating System: Windows Impact/Access: Increased Privileges -- Existing Account Resolution: Mitigation CVE Names: CVE-2019-14605 Member content until: Saturday, January 11 2020 OVERVIEW Intel has discovered vulnerabilities in all versions of Intel SCS Platform Discovery UtilityAdvisory. [1] IMPACT Intel has provided the folllowing information regarding the vulnerabilities: "INTEL-SA-00312 The latest security information on Intel products. Intel SCS Platform Discovery Utility Advisory Intel ID: INTEL-SA-00312 Advisory Category: Software Impact of vulnerability : Escalation of Privilege Severity rating : MEDIUM Original release: 12/10/2019 Last revised: 12/10/2019 Summary: A potential security vulnerability in the Intel Setup and Configuration Software (SCS) Platform Discovery Utility may allow escalation of privilege. Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation Notice for the Intel SCS Platform Discovery Utility. Vulnerability Details: CVEID: CVE-2019-14605 Description: Improper permissions in the installer for the Intel(R) SCS Platform Discovery Utility, all versions, may allow an authenticated user to potentially enable escalation of privilege via local attack. CVSS Base Score: 6.7 Medium CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: Intel SCS Platform Discovery Utility, all versions."[1] MITIGATION Intel recommends: "Users of the Intel SCS Platform Discovery Utility uninstall it or discontinue use at their earliest convenience."[1] REFERENCES [1] Intel SCS Platform Discovery UtilityAdvisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00312.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXfGu0GaOgq3Tt24GAQhMoA//dUdfCdalUjzWaHO+mYfcnkQrM+CdG4Vp vqlQ5SZtg0Py74woLjj3ZjSj3hSqFsHnhWNn80LQc2jq4vZVOMpzcdpq6LILD3U+ SVZoF92sf3KEJWZj3cZv+lkdc/7ZYVAZJI2SyQRHY9fJGipmvcr6eY2Foy3nla36 psvUUOdfHppWlY4uR8YZ4FqZM6YYVvHO8iKLZNuoc9LTZXOS56gJUL6KWlPnstU1 lDQofYzBVA917S2hCVD92E2rz5akRJAIA9+nyyRsFMeKmqcfD4Ry7omMjBlE//cO gkZ1JZJBySrWDG8qO6I+LEIv96sOLaoDRXADDvtvRAHrronoG1/76NDbEEKIANAj 1+SSbLt768z4rPcU/MAIyIamFy60It04B8r1OT0YOnLwkRbLw+xwjdXgpefy4HFi bAutoyf9UGrrjZMhJvt5VTdf6Ejh0w1RV/0FXmSdIy35phmfdgkcs5eqcKgq/I6F LN9bxXAr6wakpebBAjLnPRkNug/h3sHmEr1AABhCr4wFtgy+/geDSIRCMA5jR2Jn dzxYw+keuPG04FEAspzkYn0qforCpOEso+SYd4UWWS6GO/ZVS9MuzJ1Oo45BETJT IkWc7ME+ML0HBAa17XZRtWeHNLjtgVZGFd8YS9Q5ktsZiSTuKEer1n9iN5+RDpVV MEHelaqG02w= =ZUBA -----END PGP SIGNATURE-----