Operating System:

[WIN]

Published:

12 December 2019

Protect yourself against future threats.

//Service

Member Security Incident Notifications

Be proactive with your security and receive our daily Member Security Incident Notifications (MSINs) custom to your network.

Read more
Resources > Security Bulletins > ASB-2019.0350 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0350
       Intel SCS Platform Discovery UtilityAdvisory vulnerabilities
                             12 December 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Intel SCS Platform Discovery UtilityAdvisory
Operating System:     Windows
Impact/Access:        Increased Privileges -- Existing Account
Resolution:           Mitigation
CVE Names:            CVE-2019-14605  
Member content until: Saturday, January 11 2020

OVERVIEW

        Intel has discovered vulnerabilities in all versions of Intel SCS Platform Discovery UtilityAdvisory. [1]


IMPACT

        Intel has provided the folllowing information regarding the vulnerabilities:
        
        "INTEL-SA-00312
        
        The latest security information on Intel products.
        
        Intel SCS Platform Discovery Utility Advisory
        
        Intel ID:             INTEL-SA-00312
        Advisory Category:        Software
        Impact of vulnerability : Escalation of Privilege
        Severity rating :         MEDIUM
        Original release:         12/10/2019
        Last revised:             12/10/2019
        
        Summary:
        
        A potential security vulnerability in the Intel Setup and Configuration
        Software (SCS) Platform Discovery Utility may allow escalation of privilege.
        Intel is not releasing updates to mitigate this potential vulnerability and has
        issued a Product Discontinuation Notice for the Intel SCS Platform Discovery
        Utility.
        
        Vulnerability Details:
        
        CVEID: CVE-2019-14605
        
        Description: Improper permissions in the installer for the Intel(R) SCS
        Platform Discovery Utility, all versions, may allow an authenticated user to
        potentially enable escalation of privilege via local attack.
        
        CVSS Base Score: 6.7 Medium
        
        CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
        
        Affected Products:
        
        Intel SCS Platform Discovery Utility, all versions."[1]


MITIGATION

        Intel recommends:
        "Users of the Intel SCS Platform Discovery Utility uninstall it or 
        discontinue use at their earliest convenience."[1]


REFERENCES

        [1] Intel SCS Platform Discovery UtilityAdvisory
            https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00312.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXfGu0GaOgq3Tt24GAQhMoA//dUdfCdalUjzWaHO+mYfcnkQrM+CdG4Vp
vqlQ5SZtg0Py74woLjj3ZjSj3hSqFsHnhWNn80LQc2jq4vZVOMpzcdpq6LILD3U+
SVZoF92sf3KEJWZj3cZv+lkdc/7ZYVAZJI2SyQRHY9fJGipmvcr6eY2Foy3nla36
psvUUOdfHppWlY4uR8YZ4FqZM6YYVvHO8iKLZNuoc9LTZXOS56gJUL6KWlPnstU1
lDQofYzBVA917S2hCVD92E2rz5akRJAIA9+nyyRsFMeKmqcfD4Ry7omMjBlE//cO
gkZ1JZJBySrWDG8qO6I+LEIv96sOLaoDRXADDvtvRAHrronoG1/76NDbEEKIANAj
1+SSbLt768z4rPcU/MAIyIamFy60It04B8r1OT0YOnLwkRbLw+xwjdXgpefy4HFi
bAutoyf9UGrrjZMhJvt5VTdf6Ejh0w1RV/0FXmSdIy35phmfdgkcs5eqcKgq/I6F
LN9bxXAr6wakpebBAjLnPRkNug/h3sHmEr1AABhCr4wFtgy+/geDSIRCMA5jR2Jn
dzxYw+keuPG04FEAspzkYn0qforCpOEso+SYd4UWWS6GO/ZVS9MuzJ1Oo45BETJT
IkWc7ME+ML0HBAa17XZRtWeHNLjtgVZGFd8YS9Q5ktsZiSTuKEer1n9iN5+RDpVV
MEHelaqG02w=
=ZUBA
-----END PGP SIGNATURE-----