Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2019.0351
Intel Dynamic Platform and Thermal Framework Advisory
12 December 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Intel Dynamic Platform & Thermal Framework
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Increased Privileges -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2019-0134
Member content until: Saturday, January 11 2020
OVERVIEW
Intel has discovered vulnerabilities in Intel Dynamic Platform and
Thermal Framework v8.3.10208.5643 and before. [1]
IMPACT
Intel has provided the folllowing information regarding the vulnerabilities:
"Intel ID: INTEL-SA-00230
Advisory Category: Software
Impact of vulnerability : Escalation of Privilege
Severity rating : LOW
Original release: 12/10/2019
Last revised: 12/10/2019
Summary:
A potential security vulnerability in Intel(R) Dynamic Platform and Thermal
Framework may allow escalation of privilege. Intel is releasing software
updates to mitigate this potential vulnerability.
Vulnerability Details:
CVEID: CVE-2019-0134
Description: Improper permissions in the Intel(R) Dynamic Platform and Thermal
Framework v8.3.10208.5643 and before may allow an authenticated user to
potentially execute code at an elevated level of privilege.
CVSS Base Score: 3.2 Low
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N
Affected Products:
Intel Dynamic Platform and Thermal Framework v8.3.10208.5643 and before."[1]
MITIGATION
Intel recommends: "Users of Intel Dynamic Platform and Thermal Framework
update to the latest version provided by the system manufacturer that addresses
these issues."[1]
REFERENCES
[1] Intel Dynamic Platform and Thermal Framework Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00230.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXfGxWGaOgq3Tt24GAQgemRAAnnhY9EQyKbjPGLr38LXu/iFlKhyA5x8Q
rBhPMczEURKvOLWHV0tY1Wcn6EbqmNmaZ9X2hZ+bMFWkkYosRdEIf3mtiN/jVb2/
CNTKwFJ8EZnybtt2WTtVKu6eV1Ppm97jU+Oh0wPHDaBuFm24evhGL4zXaGz4aN1r
i7EP+Coe3ikfyMk9w4/RSemgcga9ADJLNy8EAMA49OrI1GNwWzKqaxJxPcoCL2aB
7r5dxcC5y85IGwtRbWrGU4wqiZwe3uOzLY6PYJ5P4gjF4tgiiCEycsOJHCARX21I
TbbeESwvQj6GQpl05D7XkiAmkgRR4ptORvR+hwa5w77vIFBgafgQ5pXWyBn0iBxJ
R/IxjGB0liaded1kNGck5OPtLMzY0nMborMfIPIo4GT0uxKxWBN+fBKAo9aJpOE1
wExbF+KhiHY4a+fMq1X9uLxMPPTzYs0vmZj+qanj+CbGgDA0UozUrYUtR9T4L/QQ
HuEI+b3yilPxLOFdB0zbeAYg4JMMxmesR5OI8swapJPip2qYOEkYUI3PlHsz526C
rV0ApCJRKPKy5M6lnCdYSz6+jI3tqHwrvOi4WmPKf5fjbz5LZKLHq1WlukIykDMV
HpMWaeJ+zA37DcNYL23yKh0E3v/kwhRAqeZRsOq517RAj2eBvVDbJ+ECS8wzyXrW
jfri8j3I0gw=
=1Zex
-----END PGP SIGNATURE-----