Intel issued a patch on Nov. 10, fixing a vulnerability in the way the Intel Support Assistant interacts with files that could impact millions of Windows systems and could lead to privilege-escalation attacks.
The vulnerability is the latest issue disclosed by access-security firm CyberArk during an 18-month effort to seek out specific types of patterns that could lead to vulnerabilities, analyzing widespread management utilities for flaws that would allow malware or a local attacker to gain system privileges on a victim's computer. In this case, the Intel Support Assistant interacts insecurely with nonprivileged data and directories, giving attackers the ability to execute code as the privileged program by modifying a nonprivileged file.
The attack only requires a malicious program or user to copy malicious code to a directory used by the utility, according to Eran Shimony, a security researcher with CyberArk. The issues, which allow an attacker to manipulate files, result in raising the permissions of any malware program, giving it the ability to "do a bunch of things that you couldn't do as a mere user," the researcher says.
"To trigger the ability is pretty simple: You abuse some of the features of the Intel Support Assistant, and through that, you can escalate into a system account," he says. "And, if you have local admin, then it is pretty much game over."
The vulnerabilities underscore the impact that simple errors — such as failing to protect the directories used by system utilities with high-level permissions or running those utilities with reduced access rig ..
Support the originator by clicking the read the rest link below.
