HPSBHF03633 rev.1 - Intel Rapid Storage Technology (RSTe) Driver Installer Vulnerability

Potential Security Impact

Escalation of privilege

VULNERABILITY SUMMARY

HP has been notified of a security vulnerability with the driver pack installers for Intel® RSTe package versions before version 4.7.0.2083 that may allow an authenticated user to escalate privilege via local access.

RESOLUTION

The mitigated installer (Setup.exe) is version 4.7.0.1119 or newer. To verify the version of Setup.exe:

1. Right-click Setup.exe.

2. Select Properties, and then click the Details tab.

3. Verify the file version is 4.7.0.1119 or greater.

Setup.exe version 4.7.0.1119 installs user interface version 4.7.0.2072 and driver version 4.7.0.1098. Only install Intel RSTe using Setup.exe version 4.7.0.1119 or greater.

HP recommends that any Setup.exe prior to version 4.7.0.1119 be removed from your system.

Below is the list of HP SoftPaqs with the Intel Setup.exe installer mitigated. These SoftPaqs install Intel RSTe user interface version 4.7.0.2072 and driver version 4.7.0.1098.