Intel USB 3.0 eXtensible Host Controller Driver Advisory - Feb. 12

    Intel USB 3.0 eXtensible Host Controller Driver Advisory - Feb. 12

    Intel USB 3.0 eXtensible Host Controller Driver Advisory - Feb. 12


    Posted: 13 Feb 2019

    Intel ID: INTEL-SA-00200
    Advisory Category: Software
    Impact of vulnerability: Escalation of Privilege
    Severity rating: MEDIUM
    Original release: 02/12/2019
    Last revised: 02/12/2019

    Summary:

    A potential security vulnerability in the Intel® USB 3.0 eXtensible Host Controller Driver may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability.

    Vulnerability Details:

    CVEID: CVE-2018-3700

    Description: Code injection vulnerability in the installer for Intel(R) USB 3.0 eXtensible Host Controller Driver for Microsoft Windows 7 before version 5.0.4.43v2 may allow a user to potentially enable escalation of privilege via local access.

    CVSS Base Score: 5.8 Medium

    CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H

    Affected Products:

    Intel® USB 3.0 eXtensible Host Controller Driver for Microsoft Windows® 7 before version 5.0.4.43v2.

    Recommendation:

    Intel recommends updating Intel® USB 3.0 eXtensible Host Controller Driver to 5.0.4.43v2 or later.

    Updates are available for download at this location:

    https://downloadcenter.intel.com/pro...troller-Driver

    Acknowledgements:

    Intel would like to thank Marius Gabriel Mihai for reporting this issue and working with us on coordinated disclosure.

    Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are deployed.

    Revision History

    Revision Date Description
    1.0 02/12/2019 Initial Release

    Source: INTEL-SA-00200
    Brink's Avatar Posted By: Brink
    13 Feb 2019


  1. Cliff S
    Posts : 27,184
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       New #1

    So this is only for Windows 7 versions?
    Affected Products:

    Intel® USB 3.0 eXtensible Host Controller Driver for Microsoft Windows® 7 before version 5.0.4.43v2.
    Thought I might say something before anyone panics
      My Computers
    Quote Quote

  3. Faith
    Posts : 1,560
    Windows 10 Home 20H2 64-bit
       New #2

    So only W7? But why can't this be automatically updated through Windows Update?
      My Computer
    Quote Quote

  4. PolarNettles
    Posts : 809
    Win10
       New #3

    From the description the vulnerability is in the driver installer, not the driver itself.

    I don't believe Windows Update installs drivers using the installer from the manufacturer so this should only be relevant if you (or some 3rd party utility) manually run the .EXE. But there's no details on the vulnerability yet so that's just speculation.
      My Computer
    Quote Quote

 

  Related Discussions
HI, was hoping someone might be able to help me out. I have a desktop with two 3.1 (gen 2) ports; one each of type A and C on an ASMedia host controller. Plus a number of USB 3.0 (gen 1)ports. The 3.1 host controller has the latest driver...
Hello to everyone, So, before some time I had Win 8 and everything was fine. After a while I have had installed fresh Win 8.1 system. After that I tried and tried to make USB 3.0 in function but not successful. Trying everything, reinstalling,...
Hi. I have Renesas USB 3.0 eXtensible Host Controller - 0.96 (Microsoft), but I have read that 1.0 is available, but I cannot find it. The reason I am looking to upgrade from 0.96 is because my USB Controller drops out from time to time...
Hi everyone! Since I've upgraded to windows 10 I've been experiencing some sporadic problems where my PC will not go into sleep mode. I ran powercfg lastwake in command prompt and it came up with Intel (R) USB 3.0 extensible Host Controller. I then...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 06:11.
Find Us




Windows 10 Forums