Intel ID: INTEL-SA-00281
Advisory Category: Software
Impact of vulnerability: Escalation of Privilege, Denial of Service, Information Disclosure
Severity rating: HIGH
Original release: 08/13/2019
Last revised: 08/13/2019

Summary:

A potential security vulnerability in the Intel® Processor Identification Utility for Windows* may allow escalation of privilege, denial of service or information disclosure. Intel is releasing software updates to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2019-11163
Description: Insufficient access control in a hardware abstraction driver for Intel(R) Processor Identification Utility for Windows before version 6.1.0731 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.
CVSS Base Score: 8.2 High
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Affected Products:

Intel® Processor Identification Utility for Windows* before version 6.1.0731.

Recommendations:

Intel recommends that users of the Intel® Processor Identification Utility for Windows* update to the latest version.

Updates are available for download at this location: Download Intel(R) Processor Identification Utility - Windows* Version

Acknowledgements:

Intel would like to thank Jesse Michael (CVE-2019-11163) for reporting this issue.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.

Revision History

Revision Date Description
1.0 08/13/2019 Initial Release

Source: INTEL-SA-00281