CVE-2020-12335
📋 TL;DR
This vulnerability in Intel Processor Identification Utility installer allows authenticated local users to escalate privileges due to improper permissions. Attackers could gain higher system privileges than intended. Only affects systems with this specific Intel utility installed.
💻 Affected Systems
- Intel Processor Identification Utility
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Local authenticated attacker gains SYSTEM/root privileges, enabling complete system compromise, data theft, persistence installation, and lateral movement.
Likely Case
Malicious insider or compromised user account escalates to administrative privileges to install malware, steal sensitive data, or bypass security controls.
If Mitigated
With proper user privilege management and endpoint protection, impact limited to user's own account scope with no privilege escalation.
🎯 Exploit Status
Requires local authenticated access. Exploitation likely involves manipulating installer permissions or files to trigger privilege escalation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.4.0603 or later
Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00419
Restart Required: No
Instructions:
1. Download Intel Processor Identification Utility version 6.4.0603 or later from Intel website. 2. Uninstall previous version. 3. Install updated version. 4. Verify installation completed successfully.
🔧 Temporary Workarounds
Uninstall vulnerable utility
windowsRemove Intel Processor Identification Utility if not required for operations
Control Panel > Programs > Uninstall a program > Select Intel Processor Identification Utility > Uninstall
Restrict installer permissions
windowsApply strict file system permissions to installer directories
icacls "C:\Program Files\Intel\Processor Identification Utility" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F" /deny "Users:(OI)(CI)C"
🧯 If You Can't Patch
- Implement least privilege principle - ensure users don't have local admin rights unnecessarily
- Deploy application control/whitelisting to prevent unauthorized installer execution
🔍 How to Verify
Check if Vulnerable:
Check installed version of Intel Processor Identification Utility. If version is earlier than 6.4.0603, system is vulnerable.Check Version:
Windows: Check Programs and Features or run utility and view About. Linux: Check package version via package manager.Verify Fix Applied:
Verify Intel Processor Identification Utility version is 6.4.0603 or later. Check that utility functions normally after update.📡 Detection & Monitoring
Log Indicators:
- Unusual privilege escalation events
- Intel Processor Identification Utility installer execution by non-admin users
- File permission changes in Intel utility directories
Network Indicators:
- None - local privilege escalation only
SIEM Query:
EventID=4688 AND ProcessName LIKE '%Intel%Processor%Identification%Utility%' AND NewProcessName LIKE '%cmd.exe%' OR '%powershell.exe%'