-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0101
                            Intel NUC Advisory
                               10 April 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Intel NUC firmware
Operating System:     Firmware
Impact/Access:        Increased Privileges     -- Existing Account
                      Denial of Service        -- Existing Account
                      Access Confidential Data -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2019-0163  
Member content until: Friday, May 10 2019

OVERVIEW

        Intel has discovered a potential security vulnerability in the 
        firmware for Intel NUC. [1]


IMPACT

        Intel has provided the following information regarding the vulnerability:
        
        "Vulnerability Details:
        
        CVEID: CVE-2019-0163
        
        Description: Insufficient input validation in system firmware for Intel(R)
        Broadwell U i5 vPro before version MYBDWi5v.86A may allow an authenticated user
        to potentially enable escalation of privilege, denial of service, and/or
        information disclosure via local access.
        
        CVSS Base Score: 7.5 High
        
        CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
        
        Affected Products:
        
        Intel Broadwell U i5 vPro before version MYBDWi5v.86A." [1]


MITIGATION

        Intel recommends affected users take the following steps:
        
        " Recommendations:
        
        Intel recommends that users of Intel Broadwell U i5 vPro update to firmware
        version MYBDWi5v.86A or later.
        
        Updates are available for download at this location: MYBDWi5v.86A " [1] [2]


REFERENCES

        [1] Intel NUC Advisory
            https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00239.html

        [2] Updated firmware version MYBDWi5v.86A
            https://downloadcenter.intel.com/downloads/eula/28665/BIOS-Update-MYBDWi5v-86A-?httpDown=https%3A%2F%2Fdownloadmirror.intel.com%2F28665%2Feng%2FMYI50050.bio

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXK2NdmaOgq3Tt24GAQjMMxAAvVSsLal7P7WMxaC89u85tL3NPnv/u3YB
aqb0gP+xuOdKRHFwxptMJTCxPfPpTJPLaswHUSoGHdGJ3wmA/V42TFH+8LG4jpQv
XAvBJf+1AS/4SEkjWNa7WL4gjiJ8rZ35Z0GA5gRpVp5RsY5h3SPq8BBCByxG2qvu
5opO8BhQxbKBRLmLRIY5tChku1+/WXBrA6RuhXgZMfsWlRt0+yjzDCGsc0ob4qVw
0CJzs/riEPSqTfm+4AD6GtZ5G/yRDIt3hZijXvMsHwomd38arG0Pjl+D5u3VhJSC
DC2/a+iQYlhvXstdW7bQW+2p4TgEER19/MnPRSvdZUcES4wbqr7J9KWXARgvxp30
vctRhFm65l/QD8InQZurIxRo0t3yJ1h/6e7bsLS6ETTAX8DAt12pfVYoY2PZlIjC
SRuqS7jxlbOGbKA2UvBVBeteawoHlsNO0Yvf+5K/zDEXjqboVy54cLEPA2or8OV3
NG7lBe9FLX/rIisVppYpbI1QwUZ8RnDmu9/27tcpxAliT4HThDQQxB6Y1IAYFhE0
sIQEYe8jPcHsZvgpeCo64ojuwy4jOPJ99h4MaJiS6ScPFssGXhlXVRwEWDcjhDLI
/OH7GwcXXv5SNcXKOWMo9P+pQQiI8QLwCJQ3+OsnN56PVMQKEAqJMtMYK9Ciq1Oc
qkQ7yG3/PKk=
=hYvN
-----END PGP SIGNATURE-----