Product: Snow Inventory Agent for Windows
New version: 6.0.2
Release date: October 23, 2018
Distribution: SUS and MSI Package
Current status: Released
A privilege escalation exploit vulnerability, CVE 2018-17778, has been identified. The external component cpuidsdk.dll v.126.96.36.199 in Snow Inventory Agent for Windows was reported as vulnerable to this privilege escalation exploit. At the time of publishing this bulletin this vulnerability has not been made public yet and is under review.
While this vulnerability has not yet been published, Snow is releasing an update of Snow inventory agent, the external component of cpuidsdk.dll was updated to the latest version v.188.8.131.52, which mitigates this vulnerability.
Updated an external component CPUIDSDK.dll from 184.108.40.206 to 220.127.116.11 due to a discovered privilege escalation vulnerability CVE-2018-17778.
See security bulletin SN-181010-1 for additional information.
The following enhancements have been implemented in Snow Inventory Agent for Windows version 6.0.2:
- A new agent configuration setting has been added, http.timeout. This setting defines the timeout value, in seconds, for requests to the server endpoint. The default value is 15 seconds.
- A newer version of the third-party CPUID component has been included, which has improved CPU detection for:
- Intel 9th generation Core family (Coffee Lake 9900K, 9700K, 9600K, 9600, 9500 and 9400)
- Intel Coffee Lake-U processors.
- Intel Z390.
- AMD ThreadRipper 2000.