

Improsec’s Responsible Disclosure policy dictates a 90-day period for the security measures to be designed, developed, tested and implemented with customers before we publish information about the vulnerability, and that time has passed now. During the 60 days several new versions of the application were released, from 20.5.20 to 20.8.30.6.

We were furthermore informed that the vulnerability would be fixed in 60 days or sooner. When we first contacted Intel we were informed that another researcher had already reported the same vulnerability. Intel Driver & Support Assistant is an application for keeping drivers, firmware and software packages up-to-date on systems using Intel hardware. One has the argument /silent, the other /S /NORESTART, but that, the version and the installer hash seem to be the only substantive differences between the manifests. This blog post highlights a trivial privilege escalation vulnerability in Intel Driver & Support Assistant. without the capital "A") specifies a more recent version, but as best I can tell they're both downloading the same installer. One was added in #1165 by the other in #1214 by no particular preference about which is preserved and which is maintained the one from #1214 (IntelDriverandSupportAssistant, i.e. One or the other should probably be deleted, or possibly they should be merged. As best I can tell, this is entirely accidental. This seems unnecessary and makes installing one or the other unnecessarily difficult, as you need to (a) spot that the distinction is the capitalisation and (b) go hunting to remind yourself what the syntax is for the case-sensitive selection.

There are two manifests in this repository for the Intel Driver & Support Assistant that differ only by the capitalisation of "a" in the "and".
