Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2019.0351 Intel Dynamic Platform and Thermal Framework Advisory 12 December 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Intel Dynamic Platform & Thermal Framework Operating System: Windows UNIX variants (UNIX, Linux, OSX) Impact/Access: Increased Privileges -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2019-0134 Member content until: Saturday, January 11 2020 OVERVIEW Intel has discovered vulnerabilities in Intel Dynamic Platform and Thermal Framework v8.3.10208.5643 and before. [1] IMPACT Intel has provided the folllowing information regarding the vulnerabilities: "Intel ID: INTEL-SA-00230 Advisory Category: Software Impact of vulnerability : Escalation of Privilege Severity rating : LOW Original release: 12/10/2019 Last revised: 12/10/2019 Summary: A potential security vulnerability in Intel(R) Dynamic Platform and Thermal Framework may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2019-0134 Description: Improper permissions in the Intel(R) Dynamic Platform and Thermal Framework v8.3.10208.5643 and before may allow an authenticated user to potentially execute code at an elevated level of privilege. CVSS Base Score: 3.2 Low CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N Affected Products: Intel Dynamic Platform and Thermal Framework v8.3.10208.5643 and before."[1] MITIGATION Intel recommends: "Users of Intel Dynamic Platform and Thermal Framework update to the latest version provided by the system manufacturer that addresses these issues."[1] REFERENCES [1] Intel Dynamic Platform and Thermal Framework Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00230.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXfGxWGaOgq3Tt24GAQgemRAAnnhY9EQyKbjPGLr38LXu/iFlKhyA5x8Q rBhPMczEURKvOLWHV0tY1Wcn6EbqmNmaZ9X2hZ+bMFWkkYosRdEIf3mtiN/jVb2/ CNTKwFJ8EZnybtt2WTtVKu6eV1Ppm97jU+Oh0wPHDaBuFm24evhGL4zXaGz4aN1r i7EP+Coe3ikfyMk9w4/RSemgcga9ADJLNy8EAMA49OrI1GNwWzKqaxJxPcoCL2aB 7r5dxcC5y85IGwtRbWrGU4wqiZwe3uOzLY6PYJ5P4gjF4tgiiCEycsOJHCARX21I TbbeESwvQj6GQpl05D7XkiAmkgRR4ptORvR+hwa5w77vIFBgafgQ5pXWyBn0iBxJ R/IxjGB0liaded1kNGck5OPtLMzY0nMborMfIPIo4GT0uxKxWBN+fBKAo9aJpOE1 wExbF+KhiHY4a+fMq1X9uLxMPPTzYs0vmZj+qanj+CbGgDA0UozUrYUtR9T4L/QQ HuEI+b3yilPxLOFdB0zbeAYg4JMMxmesR5OI8swapJPip2qYOEkYUI3PlHsz526C rV0ApCJRKPKy5M6lnCdYSz6+jI3tqHwrvOi4WmPKf5fjbz5LZKLHq1WlukIykDMV HpMWaeJ+zA37DcNYL23yKh0E3v/kwhRAqeZRsOq517RAj2eBvVDbJ+ECS8wzyXrW jfri8j3I0gw= =1Zex -----END PGP SIGNATURE-----