Windows 10: Potential vulnerabilities in Intel Accelerated Storage Manager in RSTe

Brink · Mar 13, 2019

Intel ID: INTEL-SA-00231 Advisory Category: Software Impact of vulnerability: Escalation of Privilege Severity rating: HIGH Original release: 03/12/2019 Last revised: 03/12/2019
Summary:

A potential security vulnerability in Intel® Accelerated Storage Manager in RSTe may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2019-0135
Description: Improper permissions in the installer for Intel(R) Accelerated Storage Manager in RSTe v5.5 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Base Score: 7.3 High
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H

Affected Products:

Intel® Accelerated Storage Manager in RSTe v5.5 and before.

Recommendations:

Intel recommends that users of Intel® Accelerated Storage Manager in RSTe update to the latest version provided by the system manufacturer that addresses these issues.

Acknowledgements:

Intel would like to thank Marius Gabriel Mihai for reporting this issue and working with us on coordinated disclosure.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are deployed.

Revision History

Revision Date Description 1.0 03/12/2019 Initial Release
Click to expand...

Source: INTEL-SA-00231

:)

Brink · Mar 13, 2019

Intel NVMe and Intel RSTe Driver Pack Advisory escalation of privilege

[table][tr]Intel ID: INTEL-SA-00154 [/tr] [tr][td]Advisory Category:[/td] [td]Software[/td] [/tr] [tr][td]Impact of vulnerability:[/td] [td]Escalation of Privilege[/td] [/tr] [tr][td]Severity rating:[/td] [td]MEDIUM[/td] [/tr] [tr][td]Original release:[/td] [td]10/09/2018[/td] [/tr] [tr][td]Last revised:[/td] [td]10/09/2018[/td] [/tr] [/table]

Summary:

A potential security vulnerability in the Intel® Storage NVMe and Rapid Storage Technology (RSTe) driver packs may allow escalation of privilege.

Vulnerability Details:

CVEID: CVE-2018-12131

Description: Permissions in the driver pack installers for Intel(R) NVMe before version 4.0.0.1007 and Intel(R) RSTe before version 4.7.0.2083 may allow an authenticated user to potentially escalate privilege via local access.

CVSS Base Score: 5.0 Medium

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

Affected Products:

Intel® Client NVMe Versions 4.0.0.1006 and before.

Datacenter NVMe Versions 4.0.0.1006 and before.

Intel® RSTe 4.7.0.2082 and before.

Recommendations:

Intel recommends that users of Intel® NVMe and Intel® RSTe drivers update to the following versions, or later:

RSTe v4.7.0.2083 download from: https://downloadcenter.intel.com/pro...ogy-Intel-RST-

NVMe v4.0.0.1007 download from: https://downloadcenter.intel.com/pro...SSD-750-Series

Acknowledgements:

Intel would like to thank Marius Gabriel Mihai for reporting this issue and working with us on coordinated disclosure.

Revision History

[table][tr]Revision Date Description [/tr] [tr][td]1.0[/td] [td]10/09/2018[/td] [td]Initial Release[/td] [/tr] [/table]
Click to expand...

Source: INTEL-SA-00154

Brink · Mar 13, 2019

Intel Management Engine Vulnerability and Surface Devices

Microsoft is aware of the Intel Management Engine vulnerability (Intel-SA-00086). The Intel vulnerability detection tool currently lists Microsoft Surface devices as vulnerable to this security advisory.Microsoft has investigated the issue and found the following:

Remote exploit of this vulnerability requires Intel Active Management Technology (AMT). Current Surface devices do not allow remote connectivity to the ME because our devices do not run AMT.

Local exploit of this vulnerability requires Direct Connect Interface (DCI) access via USB, which is not provided on Surface devices.

Because of this, we believe exploits using this vulnerability are significantly reduced on Surface devices. We care deeply about ensuring our devices are reliable and secure and are working with Intel to generate fixes for current devices, which we expect to release in the near future.
Click to expand...

Source: Intel Management Engine Vulnerability and Surface Devices Surface

Harkanwar Singh · Mar 13, 2019

Intel® Graphics Media Accelerator Driver not compatible with Windows 10

Hi Jae,

Thank you for your interest in Windows 10!

Some programs and/or drivers might not work as expected in Windows 10 as some manufacturers are still in the process of manufacturing the new definitions of the drivers.

In this case, you can download an older version of the driver and install it in compatibility mode with a compatible version of Windows.

For example, you can download Intel(R) Graphics Media Accelerator version compatible to Windows 7 and install in compatibility mode in Windows 10. Refer to the following steps:

Step 1: Download and save the driver on the desktop from the following link.

Intel® Graphics Media Accelerator Driver for Windows* 7(exe)

Step 2: Install the driver in compatibility mode.

Right click on the driver, and click on Properties.

Go to the Compatibility tab.

Check the box for Run this program in compatibility mode for:

Select Windows 7 in the list of Operating systems.

Click OK.

Double-click the driver file to install the driver and follow the onscreen instructions.

Reboot your computer.

Check with the issue. Please post back your results for further assistance.

Windows 10: Potential vulnerabilities in Intel Accelerated Storage Manager in RSTe

Potential vulnerabilities in Intel Accelerated Storage Manager in RSTe

Potential vulnerabilities in Intel Accelerated Storage Manager in RSTe

Potential vulnerabilities in Intel Accelerated Storage Manager in RSTe

Potential vulnerabilities in Intel Accelerated Storage Manager in RSTe - Similar Threads - Potential vulnerabilities Intel

Intel Accelerated Storage Manager in Intel RSTe Advisory

Potential security vulnerabilities in Intel USB 3.0 Creator Utility

Potential security vulnerabilities in Intel SGX SDK

Potential security vulnerabilities in Intel Matrix Storage Manager

Potential security vulnerabilities in Intel firmware

Intel Graphics Driver potential security vulnerabilities for Windows

Intel NUC Bios Updater Advisory for potential security vulnerability

Intel Server Board Firmware Advisory for potential vulnerability

Intel Management Engine Vulnerability and Surface Devices

Users found this page by searching for:

intel-sa-00189 surface

INTEL-SA-00191 detection tool