-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2020.0012
Intel releases security update for chipset device software (INTEL-SA-00306)
                              15 January 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Intel Chipset Device Software
Operating System:     Windows
Impact/Access:        Denial of Service -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-14596  
Member content until: Friday, February 14 2020

OVERVIEW

        Intel has published an update for the
        Intel Chipset Device Software INF Utility (formerly known as the
        Intel Chipset Software Installation Utility) to address an
        information disclosure vulnerability. [1]


IMPACT

        Intel has provided the following information on the vulnerability:
        
        "CVEID: CVE-2019-14596
        
        Description: Improper access control in the installer for Intel(R) Chipset
        Device Software INF Utility before version 10.1.18 may allow an authenticated
        user to potentially enable denial of service via local access.
        
        CVSS Base Score: 5.9 Medium
        
        CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H" [1]


MITIGATION

        Intel recommends updating to version 10.1.18 or later to
        address this vulnerability. [1]


REFERENCES

        [1] Intel Chipset Device Software Security Advisory
            https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00306.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXh59n2aOgq3Tt24GAQgQTQ/7Bb5Xaj76EO5+cR60cWJYTge8SqJDlc7+
4R4VP+KrfHS+ehVDWZiSyNaqCF7f9SfDsEPTDPNCZkhCyl+SRGORRol8wn/6ZmPZ
De3j0H+y6o3UKDScZia4T8DTHfdR1ItQDDk3pagjpY5DdpV86fgrWyVf4EA4C5iL
FqAMh0Jw8t1/vQp863hwIAUvQjh+iG0cDj/p7NTrMNrqMnhFsAQz4ooX+yGU576/
ZiCMeNLeSwB8u4RVuyOb/xUWGMOgNhOH+Ai1d38GTFV/eMqzGKoUM0YEb1JQ8yAf
RLBxIo5EpBjXVTYx8K/y0+BY7PXQpCm8WopHPM3HuqBL1BbswvY8NuCxKqmI8bdp
3nn/h5os7viN2c5jbWo1B6j63F+Yc7JDNXbQVY50I4SJAI8xHG7RSE+Sru3m9Zpo
9fcGL10ftS3fzc42RDZz3C0LrE+lwEG+l5/9Yhui1XMaEh856CqFky6kk/dYFrFJ
2H0R3+zeIifMqfQq+wQtNqNA8uuw7dLCBkf056Zl/kt7pUlnls7LyFUqkm/ukkh4
7TpOlTGCIwG4u2nBiI1V4OdnGRqecxEFN0PTvvI1xm6zFBIDHgiPxteV6CvdrZRS
mfbNWppl6iJ3QkhBZ032x49Y9lvqyCqJph2yYoNKB9ERYhL2vrsMkbRSN45iiBHG
nV/ajAbX8E0=
=OROz
-----END PGP SIGNATURE-----