Product: Snow Inventory Agent for Windows
New version: 5.3.1
Release date: October 23, 2018
Distribution: SUS and MSI Package
Current status: Released
A privilege escalation exploit vulnerability, CVE 2018-17778, has been identified. The external component cpuidsdk.dll v.184.108.40.206 in Snow Inventory Agent for Windows was reported as vulnerable to this privilege escalation exploit. At the time of publishing this bulletin this vulnerability has not been made public yet and is under review.
While this vulnerability has not yet been published, Snow is releasing an update of Snow inventory agent, the external component of cpuidsdk.dll was updated to the latest version v.220.127.116.11, which mitigates this vulnerability.
Updated an external component CPUIDSDK.dll from 18.104.22.168 to 22.214.171.124 due to a discovered privilege escalation vulnerability CVE-2018-17778.
See security bulletin SN-181010-1 for additional information.
The following enhancements have been implemented in Snow Inventory Agent for Windows version 5.3.1:
- A newer version of the third-party CPUID component has been included, which has improved CPU detection for:
- AMD desktop Raven Ridge APU (AM4)
- Intel Coffee Lake processors and Z370 platform
- Intel Skylake-X HCC processors
- Intel Xeon Skylake-SP and Xeon/W Skylake processors
- Intel Xeon Phi Knight Landing Intel 9th generation Core family (Coffee Lake 9900K, 9700K, 9600K, 9600, 9500 and 9400).
- Intel Coffee Lake-U processors.
- Intel Z390.
- AMD ThreadRipper 2000.
Release Notes and Security Note: Snow Inventory Agent 5.3.1 for Windows