===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0101
                            Intel NUC Advisory
                               10 April 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Intel NUC firmware
Operating System:     Firmware
Impact/Access:        Increased Privileges     -- Existing Account
                      Denial of Service        -- Existing Account
                      Access Confidential Data -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-0163
Member content until: Friday, May 10 2019

OVERVIEW

        Intel has discovered a potential security vulnerability in the
        firmware for Intel NUC. [1]


IMPACT

        Intel has provided the following information regarding the
        vulnerability:

        "Vulnerability Details:

        CVEID: CVE-2019-0163

        Description: Insufficient input validation in system firmware for
        Intel(R) Broadwell U i5 vPro before version MYBDWi5v.86A may allow
        an authenticated user to potentially enable escalation of
        privilege, denial of service, and/or information disclosure via
        local access.

        CVSS Base Score: 7.5 High

        CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

        Affected Products:

        Intel Broadwell U i5 vPro before version MYBDWi5v.86A." [1]


MITIGATION

        Intel recommends affected users take the following steps:

        " Recommendations:

        Intel recommends that users of Intel Broadwell U i5 vPro update to
        firmware version MYBDWi5v.86A or later.

        Updates are available for download at this location:
        MYBDWi5v.86A " [1] [2]


REFERENCES

        [1] Intel NUC Advisory
            https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00239.html

        [2] Updated firmware version MYBDWi5v.86A
            https://downloadcenter.intel.com/downloads/eula/28665/BIOS-Update-MYBDWi5v-86A-?httpDown=https%3A%2F%2Fdownloadmirror.intel.com%2F28665%2Feng%2FMYI50050.bio

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation.  The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures.  AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================