CVE-2021-33090

7.8 HIGH

📋 TL;DR

This vulnerability allows authenticated local users to escalate privileges on affected Intel NUC systems due to incorrect default permissions in the HDMI firmware update tool installer. It affects users of specific Intel NUC models (NUC10i3FN, NUC10i5FN, NUC10i7FN) who have not updated to the patched version. Attackers with local access could gain elevated system privileges.

💻 Affected Systems

Products:
  • Intel NUC HDMI Firmware Update Tool
Versions: All versions before 1.78.2.0.7
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects Intel NUC models NUC10i3FN, NUC10i5FN, and NUC10i7FN. The vulnerability is in the installer permissions, not the tool itself once installed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker gains full SYSTEM privileges on the affected NUC device, enabling complete system compromise, data theft, persistence installation, and lateral movement within the network.

🟠 Likely Case

A malicious insider or compromised user account escalates privileges to install malware, steal sensitive data, or maintain persistence on the affected NUC system.

🟢 If Mitigated

With proper access controls and least privilege principles, the impact is limited to the specific user's scope, though local privilege escalation remains possible if the vulnerability is exploited.

🌐 Internet-Facing: LOW - This requires local authenticated access, so internet-facing systems are not directly vulnerable unless an attacker first gains local access through other means.
🏢 Internal Only: HIGH - This is a local privilege escalation vulnerability that any authenticated user on an affected system can exploit, which puts internal networks with vulnerable NUC devices at significant risk.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated local access. The vulnerability involves incorrect default permissions, which typically means file/folder permissions that allow write access to privileged locations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.78.2.0.7

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00568.html

Restart Required: Yes

Instructions:

1. Download the updated Intel NUC HDMI Firmware Update Tool version 1.78.2.0.7 or later from Intel's website.
2. Uninstall any previous versions of the tool.
3. Install the updated version.
4. Restart the system to ensure changes take effect.

🔧 Temporary Workarounds

Remove vulnerable tool

Platform: Windows

Uninstall the Intel NUC HDMI Firmware Update Tool if not needed

Control Panel > Programs > Uninstall a program > Select 'Intel NUC HDMI Firmware Update Tool' > Uninstall

Restrict local access

Platform: All

Implement strict access controls to limit who can log into affected NUC systems

🧯 If You Can't Patch

  • Remove the Intel NUC HDMI Firmware Update Tool from affected systems if firmware updates are not required
  • Implement strict user access controls and follow least privilege principles to limit which users can authenticate to affected systems

🔍 How to Verify

Check if Vulnerable:

Check if Intel NUC HDMI Firmware Update Tool is installed and check its version in Control Panel > Programs > Programs and Features

Check Version:

wmic product where "name='Intel NUC HDMI Firmware Update Tool'" get version

Verify Fix Applied:

Verify the installed version is 1.78.2.0.7 or later in Control Panel > Programs > Programs and Features
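
A scripted form of the version check above, as an added example that is not from Intel or from this page's source: it reads the machine-wide uninstall registry keys and compares the five-field version numerically, since PowerShell's [version] type accepts at most four fields. It assumes the tool's uninstall entry uses the display name given on this page; Compare-DottedVersion is a helper defined here.

```powershell
# Added example (not Intel's code). Assumption: the uninstall entry's
# DisplayName matches the product name used on this page.
$ProductName  = 'Intel NUC HDMI Firmware Update Tool'
$FixedVersion = '1.78.2.0.7'   # patched version stated on this page

function Compare-DottedVersion {
    # Hypothetical helper: returns -1, 0 or 1 for Left <, =, > Right.
    # Handles any number of numeric fields; missing fields count as 0.
    param([string]$Left, [string]$Right)
    $l = @($Left.Trim().Split('.')  | ForEach-Object { [int]$_ })
    $r = @($Right.Trim().Split('.') | ForEach-Object { [int]$_ })
    for ($i = 0; $i -lt [Math]::Max($l.Count, $r.Count); $i++) {
        $a = if ($i -lt $l.Count) { $l[$i] } else { 0 }
        $b = if ($i -lt $r.Count) { $r[$i] } else { 0 }
        if ($a -ne $b) { return [Math]::Sign($a - $b) }
    }
    return 0
}

# 64-bit and 32-bit (WOW6432Node) machine-wide uninstall entries.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$entries = @(Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -eq $ProductName })

if ($entries.Count -eq 0) {
    Write-Output "$ProductName not found on $env:COMPUTERNAME"
}
foreach ($e in $entries) {
    $status = 'UNKNOWN (no numeric version recorded)'
    if (-not [string]::IsNullOrWhiteSpace($e.DisplayVersion)) {
        try {
            $cmp = Compare-DottedVersion $e.DisplayVersion $FixedVersion
            $status = if ($cmp -lt 0) { 'VULNERABLE' } else { 'patched' }
        } catch { }   # non-numeric field: leave status as UNKNOWN
    }
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Version  = $e.DisplayVersion
        Status   = $status
    }
}
```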

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing unexpected privilege escalation events
  • Security logs showing users gaining SYSTEM privileges unexpectedly
  • Application logs showing the HDMI firmware tool being accessed or modified

Network Indicators:

  • Unusual outbound connections from NUC systems after local access
  • Lateral movement attempts from NUC systems to other network resources

SIEM Query:

EventID=4688 AND (NewProcessName LIKE '%cmd.exe%' OR NewProcessName LIKE '%powershell.exe%') AND SubjectUserName NOT IN (authorized_admin_users) AND ComputerName LIKE '%NUC10%'
