CVE-2021-0064 – This vulnerability allows an authenticated user... (How to Fix)

Q: What is the severity of CVE-2021-0064?

CVE-2021-0064 has a CVSS score of 7.8 (HIGH). This vulnerability allows an authenticated user on a Windows system with vulnerable Intel PROSet/Wireless WiFi software to escalate privileges via local access. It affects Windows 10 systems running Intel PROSet/Wireless WiFi software versions before 22.40. The issue stems from insecure inherited permissions in the installer.

📋 TL;DR

This vulnerability allows an authenticated user on a Windows system with vulnerable Intel PROSet/Wireless WiFi software to escalate privileges via local access. It affects Windows 10 systems running Intel PROSet/Wireless WiFi software versions before 22.40. The issue stems from insecure inherited permissions in the installer.

💻 Affected Systems

Products:

Intel PROSet/Wireless WiFi software for Windows

Versions: All versions before 22.40

Operating Systems: Windows 10

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with Intel PROSet/Wireless WiFi software installed. Requires local authenticated access.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An authenticated attacker gains SYSTEM/administrator privileges on the local machine, enabling complete system compromise, data theft, persistence installation, and lateral movement.

🟠

Likely Case

Local authenticated user elevates to administrator privileges to install malware, modify system settings, or access protected resources.

🟢

If Mitigated

With proper access controls and patching, impact is limited to failed privilege escalation attempts with audit logging.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring authenticated access to the system.

🏢 Internal Only: HIGH - Internal users with standard accounts could exploit this to gain administrative privileges on their workstations.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires local authenticated access. The vulnerability is in installer permissions inheritance.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 22.40 or later

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00509.html

Restart Required: Yes

Instructions:

1. Download Intel PROSet/Wireless WiFi software version 22.40 or later from Intel's website. 2. Run the installer with administrative privileges. 3. Follow the installation wizard. 4. Restart the system when prompted.

🔧 Temporary Workarounds

Remove vulnerable software

windows

Uninstall Intel PROSet/Wireless WiFi software if not required

Control Panel > Programs > Uninstall a program > Select Intel PROSet/Wireless WiFi > Uninstall

Restrict local access

all

Limit physical and remote access to affected systems

🧯 If You Can't Patch

Implement strict access controls to limit who has local authenticated access to affected systems
Monitor for privilege escalation attempts using security logging and endpoint detection

🔍 How to Verify

Check if Vulnerable:

Check Intel PROSet/Wireless WiFi software version in Control Panel > Programs > Programs and Features

Check Version:

wmic product where name="Intel PROSet/Wireless WiFi" get version

Verify Fix Applied:

Verify installed version is 22.40 or later in Control Panel > Programs > Programs and Features

📡 Detection & Monitoring

Log Indicators:

Windows Event Logs showing unexpected privilege escalation
Security logs with unusual process creation by authenticated users

Network Indicators:

Not applicable - local exploitation only

SIEM Query:

EventID=4688 AND NewProcessName contains *installer* AND SubjectUserName NOT IN (admin_users)

📊 Metadata

CVE ID: CVE-2021-0064

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-732

Published: November 17, 2021

Last Updated: November 21, 2024

🔗 References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00509.html Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00509.html Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-0064, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

7265 Firmware by Intel

Ac 3165 Firmware by Intel

Ac 3168 Firmware by Intel

Ac 8260 Firmware by Intel

Ac 8265 Firmware by Intel

Ac 9260 Firmware by Intel

Ac 9461 Firmware by Intel

Ac 9462 Firmware by Intel

Ac 9560 Firmware by Intel

Ax200 Firmware by Intel

Ax201 Firmware by Intel

Ax210 Firmware by Intel