Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2020.0012 Intel releases security update for chipset device software (INTEL-SA-00306) 15 January 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Intel Chipset Device Software Operating System: Windows Impact/Access: Denial of Service -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2019-14596 Member content until: Friday, February 14 2020 OVERVIEW Intel has published an update for the Intel Chipset Device Software INF Utility (formerly known as the Intel Chipset Software Installation Utility) to address an information disclosure vulnerability. [1] IMPACT Intel has provided the following information on the vulnerability: "CVEID: CVE-2019-14596 Description: Improper access control in the installer for Intel(R) Chipset Device Software INF Utility before version 10.1.18 may allow an authenticated user to potentially enable denial of service via local access. CVSS Base Score: 5.9 Medium CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H" [1] MITIGATION Intel recommends updating to version 10.1.18 or later to address this vulnerability. [1] REFERENCES [1] Intel Chipset Device Software Security Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00306.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXh59n2aOgq3Tt24GAQgQTQ/7Bb5Xaj76EO5+cR60cWJYTge8SqJDlc7+ 4R4VP+KrfHS+ehVDWZiSyNaqCF7f9SfDsEPTDPNCZkhCyl+SRGORRol8wn/6ZmPZ De3j0H+y6o3UKDScZia4T8DTHfdR1ItQDDk3pagjpY5DdpV86fgrWyVf4EA4C5iL FqAMh0Jw8t1/vQp863hwIAUvQjh+iG0cDj/p7NTrMNrqMnhFsAQz4ooX+yGU576/ ZiCMeNLeSwB8u4RVuyOb/xUWGMOgNhOH+Ai1d38GTFV/eMqzGKoUM0YEb1JQ8yAf RLBxIo5EpBjXVTYx8K/y0+BY7PXQpCm8WopHPM3HuqBL1BbswvY8NuCxKqmI8bdp 3nn/h5os7viN2c5jbWo1B6j63F+Yc7JDNXbQVY50I4SJAI8xHG7RSE+Sru3m9Zpo 9fcGL10ftS3fzc42RDZz3C0LrE+lwEG+l5/9Yhui1XMaEh856CqFky6kk/dYFrFJ 2H0R3+zeIifMqfQq+wQtNqNA8uuw7dLCBkf056Zl/kt7pUlnls7LyFUqkm/ukkh4 7TpOlTGCIwG4u2nBiI1V4OdnGRqecxEFN0PTvvI1xm6zFBIDHgiPxteV6CvdrZRS mfbNWppl6iJ3QkhBZ032x49Y9lvqyCqJph2yYoNKB9ERYhL2vrsMkbRSN45iiBHG nV/ajAbX8E0= =OROz -----END PGP SIGNATURE-----