Remediation

The vulnerability can be remediated in two different ways, both of which require the CPUID setting to be disabled:

  • Use Snow Inventory Server Admin Console to deploy a configuration update for Snow Inventory Agent for Windows.

  • Change an existing Snow Inventory Agent for Windows configuration file.

Use Snow Inventory Server Admin Console to deploy a configuration update for Snow Inventory Agent for Windows

The following procedure must be repeated for all configurations that are used by agents running on Windows.

  1. On your Snow Inventory Server application server, open Snow Inventory Server Admin Console and sign in.

  2. In the left-hand view, select Configurations.

    1_Screen_Shot_2021-02-17_at_14_48_49.png
  3. Select an existing configuration that affects your Windows computers.

  4. Select Edit.

    2_Screen_Shot_2021-02-17_at_14_50_53.png

    The Edit configuration window appears.

  5. Select System settings.

    3_Screen_Shot_2021-02-17_at_14_45_36.png
  6. Verify whether the key Hardware_Scan_Enable_Cpuid exists:

    • If it exists: select the line, select Edit, and ensure the check box is clear, select Update.

    • If it does not exist: select Add, select Hardware_Scan_Enable_Cpuid, and ensure the check box is clear, select Add.

    4_Screen_Shot_2021-02-17_at_14_46_09.png
    5_5_Screen_Shot_2021-02-17_at_16_47_28.png
  7. Select Save.

    A window appears with a Yes/No question. Answer Yes to save the configuration.

    5_Screen_Shot_2021-02-17_at_14_47_07.png
  8. In the left-hand view, select Agent Updates.

    This view displays different metrics for an agent update, for example, the progress and how many machines have successfully been updated.

    In the left-hand view, you can select your agent update to see its update progress:

    7_Screen_Shot_2021-02-17_at_15_08_27.png
    8_Screen_Shot_2021-02-17_at_15_11_57.png
    9_Screen_Shot_2021-02-17_at_15_12_19.png

    The last view displays statistics for successful agent updates.

The progress of a configuration deployment depends on client availability (for example, that a computer is powered-on) and the http.poll_interval value in the Snow Inventory Agent for Windows configuration file.

Change an existing Snow Inventory Agent for Windows configuration file

Using the tool of your choice, change the snowagent.config file on all computers that run Snow Inventory Agent for Windows:

  1. Edit %ProgramFiles%\Snow Software\Inventory\Agent\snowagent.config.

  2. Find the <SystemSettings> section.

  3. Find the the line that contains hardware.scan.enable_cpuid and make sure that it is <Setting key="hardware.scan.enable_cpuid" value="false" />.

    Note

    If the <Setting key="hardware.scan.enable_cpuid" value="false" /> line does not exist, create it in the <SystemSettings> section.

  4. Save and close the file.

  5. Restart the Windows service named Snow Inventory Agent.