Myrja.Schumacher

Release Announcement of Snow Inventory Agent for Windows 5.3.1

Blog Post created by Myrja.Schumacher Employee on Oct 23, 2018

Release information

Product:                Snow Inventory Agent for Windows
New version:         5.3.1
Release date:        October 23, 2018
Distribution:          SUS and MSI Package
Current status:     Released

 

Summary

A privilege escalation exploit vulnerability, CVE 2018-17778, has been identified. The external component cpuidsdk.dll v.1.2.0.6 in Snow Inventory Agent for Windows was reported as vulnerable to this privilege escalation exploit. At the time of publishing this bulletin this vulnerability has not been made public yet and is under review.
While this vulnerability has not yet been published, Snow is releasing an update of Snow inventory agent, the external component of cpuidsdk.dll was updated to the latest version v.1.2.1.2, which mitigates this vulnerability.

Security

Updated an external component CPUIDSDK.dll from 1.2.0.6 to 1.2.1.2 due to a discovered privilege escalation vulnerability CVE-2018-17778.
See security bulletin SN-181010-1 for additional information.

Enhancement

The following enhancements have been implemented in Snow Inventory Agent for Windows version 5.3.1:

  • A newer version of the third-party CPUID component has been included, which has improved CPU detection for:
    • AMD desktop Raven Ridge APU (AM4)
    • Intel Coffee Lake processors and Z370 platform
    • Intel Skylake-X HCC processors
    • Intel Xeon Skylake-SP and Xeon/W Skylake processors
    • Intel Xeon Phi Knight Landing Intel 9th generation Core family (Coffee Lake 9900K, 9700K, 9600K, 9600, 9500 and 9400).
    • Intel Coffee Lake-U processors.
    • Intel Z390.
    • AMD ThreadRipper 2000.

 

Release Notes and Security Note: Snow Inventory Agent 5.3.1 for Windows

Outcomes