CVE-2021-0090
📋 TL;DR
This vulnerability in Intel Driver & Support Assistant (DSA) allows authenticated local users to escalate privileges by exploiting an uncontrolled search path element. Attackers could execute arbitrary code with higher privileges by placing malicious DLLs in specific directories. Only systems running vulnerable versions of Intel DSA are affected.
💻 Affected Systems
- Intel Driver & Support Assistant (DSA)
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise where an authenticated attacker gains SYSTEM/root privileges, installs persistent malware, accesses sensitive data, and disables security controls.
Likely Case
Local privilege escalation allowing attackers to install additional malware, modify system configurations, or access restricted files and resources.
If Mitigated
Limited impact with proper user account controls, application whitelisting, and restricted local access preventing malicious DLL placement.
🎯 Exploit Status
Requires authenticated local access and ability to place malicious DLLs in specific directories. No public exploit code has been disclosed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 20.11.50.9 and later
Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00510.html
Restart Required: Yes
Instructions:
1. Open Intel Driver & Support Assistant.
2. Check for updates in settings.
3. Install update to version 20.11.50.9 or later.
4. Restart the system to complete installation.
🔧 Temporary Workarounds
Remove vulnerable Intel DSA
Windows: Uninstall Intel Driver & Support Assistant if not required
Control Panel > Programs > Uninstall a program > Select Intel Driver & Support Assistant > Uninstall
Restrict DLL search paths
Windows: Use Windows policies to restrict DLL search order
🧯 If You Can't Patch
- Restrict local user permissions to prevent DLL placement in vulnerable directories
- Implement application control/whitelisting to block unauthorized DLL execution
🔍 How to Verify
Check if Vulnerable:
Check Intel DSA version in application settings or Windows Programs list
Check Version:
On Windows: Check 'About' in Intel DSA or look in Control Panel > Programs
Verify Fix Applied:
Confirm Intel DSA version is 20.11.50.9 or higher
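The version check above, scripted in PowerShell as an added example (not from Intel or the original page). It assumes the product registers under the standard per-machine uninstall registry keys with a display name containing "Driver & Support Assistant"; the function name `Test-DsaVersion` is hypothetical.

```powershell
# Added example: report whether installed Intel DSA meets the fixed version
# named in this advisory (20.11.50.9).
$FixedVersion = [version]'20.11.50.9'

# Standard per-machine uninstall keys (64-bit and 32-bit registry views).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Hypothetical helper: classify a DisplayVersion string against the fixed version.
function Test-DsaVersion {
    param(
        [string]$DisplayVersion,
        [version]$Fixed = $FixedVersion
    )
    $parsed = $null
    # Missing or non-numeric version strings are reported, not guessed at.
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) { return 'Unknown' }
    if ($parsed -ge $Fixed) { return 'Fixed' }
    return 'Vulnerable'
}

# Assumption: the display name contains this substring.
$found = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Driver & Support Assistant*' }

if (-not $found) {
    Write-Output 'Intel DSA not found in the per-machine uninstall keys.'
} else {
    # One row per registered entry; an installer may register more than one.
    $found | ForEach-Object {
        [pscustomobject]@{
            Name    = $_.DisplayName
            Version = $_.DisplayVersion
            Status  = Test-DsaVersion -DisplayVersion $_.DisplayVersion
        }
    }
}
```

A three-part version such as 20.11.50 compares as lower than 20.11.50.9 and is reported as `Vulnerable`; an `Unknown` status means the version should be confirmed in the application's 'About' screen.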
📡 Detection & Monitoring
Log Indicators:
- Unexpected DLL loads by Intel DSA process
- Privilege escalation attempts from Intel DSA context
Network Indicators:
- Not applicable - local vulnerability
SIEM Query:
Process creation where parent process contains 'IntelDSA' and privilege level changes