CVE-2021-0077
📋 TL;DR
This vulnerability in Intel VTune Profiler installer allows authenticated local users to escalate privileges due to insecure inherited permissions. It affects users running VTune Profiler versions before 2021.1.1 on Windows systems where the installer creates directories with overly permissive access controls.
💻 Affected Systems
- Intel VTune Profiler
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker could gain SYSTEM/Administrator privileges on the affected system, potentially taking full control of the machine.
Likely Case
Local authenticated users could elevate their privileges to install malicious software, modify system configurations, or access sensitive data they shouldn't have access to.
If Mitigated
With proper access controls and least privilege principles, the impact is limited to users who already have some level of local access.
🎯 Exploit Status
Exploitation requires local authenticated access and knowledge of the insecure directory permissions. No public exploit code has been disclosed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2021.1.1 and later
Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00518.html
Restart Required: No
Instructions:
1. Download VTune Profiler version 2021.1.1 or later from Intel's website.
2. Uninstall the vulnerable version.
3. Install the patched version.
4. Verify the installation directory permissions are properly set.
🔧 Temporary Workarounds
Manual Permission Fix
Manually adjust directory permissions to remove insecure inheritance and restrict access (Windows):
icacls "C:\Program Files\Intel\VTune Profiler" /inheritance:r /grant:r "Administrators:(OI)(CI)F" /grant:r "SYSTEM:(OI)(CI)F" /grant:r "Users:(OI)(CI)RX"
🧯 If You Can't Patch
- Implement strict access controls and least privilege principles for all user accounts
- Monitor for unauthorized privilege escalation attempts using Windows security logs
🔍 How to Verify
Check if Vulnerable:
Check the VTune Profiler version (versions before 2021.1.1 are affected) and verify whether the directory permissions allow write access to non-admin users.
Check Version:
Check VTune Profiler About dialog or run: "C:\Program Files\Intel\VTune Profiler\bin64\vtune.exe" --version
Verify Fix Applied:
Verify VTune Profiler version is 2021.1.1 or later and check that directory permissions are properly restricted
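One way to perform the directory-permission check described above, as an added PowerShell example that is not from Intel or from the original page. The install path is the one used in the workaround on this page; the list of broad groups and the set of rights treated as write access are assumptions.

```powershell
# Added example (not vendor code): list ACEs that let broad, non-admin groups
# write into the VTune Profiler install tree.
param(
    # Path from the workaround on this page; change it for a custom install location.
    [string]$Path = 'C:\Program Files\Intel\VTune Profiler'
)

# Assumption: these well-known SIDs are the "non-admin users" of interest.
# SIDs are used instead of names so the check works on localized Windows.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Assumption: rights that allow creating, replacing or deleting files, or changing the ACL.
$rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only ACEs can carry raw generic bits (GENERIC_WRITE, GENERIC_ALL) instead.
$mask = [int]$rights -bor 0x40000000 -bor 0x10000000

$dirs = @(Get-Item -LiteralPath $Path -ErrorAction Stop) +
        @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -Force -ErrorAction SilentlyContinue)

$findings = foreach ($dir in $dirs) {
    $acl = Get-Acl -LiteralPath $dir.FullName
    # Ask for SIDs rather than translated account names.
    $aces = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $aces) {
        $sid = $ace.IdentityReference.Value
        if ($ace.AccessControlType -eq 'Allow' -and
            $broadSids.ContainsKey($sid) -and
            ([int]$ace.FileSystemRights -band $mask)) {
            [pscustomobject]@{
                Path      = $dir.FullName
                Principal = $broadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # True = permission came from a parent directory
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { Write-Output "No write-capable ACEs for broad groups under $Path" }
```

Each row printed is a directory where a standard user holds write-capable rights; rows with Inherited set to True point at a parent directory whose ACL needs correcting, which is the condition the icacls workaround above addresses.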
📡 Detection & Monitoring
Log Indicators:
- Windows Security Event ID 4672 (Special privileges assigned to new logon)
- Event ID 4688 (Process creation) showing privilege escalation
Network Indicators:
- No network indicators - this is a local privilege escalation
SIEM Query:
source="WinEventLog:Security" (EventID=4672 OR EventID=4688) AND (ProcessName="*vtune*" OR CommandLine="*vtune*")