CVE-2021-33094 – This vulnerability allows authenticated local u... (How to Fix)

Q: What is the severity of CVE-2021-33094?

CVE-2021-33094 has a CVSS score of 7.8 (HIGH). This vulnerability allows authenticated local users to escalate privileges on Intel NUC M15 Laptop Kit systems due to insecure inherited permissions in the Keyboard LED Service driver installer. Attackers could gain SYSTEM-level access by exploiting improper file/folder permissions. Only systems with the vulnerable driver pack installed are affected.

📋 TL;DR

This vulnerability allows authenticated local users to escalate privileges on Intel NUC M15 Laptop Kit systems due to insecure inherited permissions in the Keyboard LED Service driver installer. Attackers could gain SYSTEM-level access by exploiting improper file/folder permissions. Only systems with the vulnerable driver pack installed are affected.

💻 Affected Systems

Products:

Intel NUC M15 Laptop Kit Keyboard LED Service driver pack

Versions: Versions before 1.0.0.4

Operating Systems: Windows 10, Windows 11

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems where the vulnerable driver pack is installed. Not all Intel NUC systems are affected.

📦 What is this software?

Nuc M15 Laptop Kit Keyboard Led Service Driver Pack by Intel

View all CVEs affecting Nuc M15 Laptop Kit Keyboard Led Service Driver Pack →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Authenticated attacker gains SYSTEM privileges, enabling complete system compromise, persistence installation, credential theft, and lateral movement.

🟠

Likely Case

Local user or malware with standard privileges escalates to administrative/SYSTEM rights to bypass security controls.

🟢

If Mitigated

With proper patching and least privilege principles, impact is limited to denial of service at most.

🌐 Internet-Facing: LOW - Requires local authenticated access, not remotely exploitable.

🏢 Internal Only: HIGH - Local privilege escalation enables attackers to bypass security controls and compromise systems from within the network.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated local access and knowledge of vulnerable file locations. No public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.0.4 or later

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00569.html

Restart Required: Yes

Instructions:

1. Download driver version 1.0.0.4 or later from Intel's website. 2. Run the installer with administrative privileges. 3. Restart the system when prompted.

🔧 Temporary Workarounds

Remove vulnerable driver

windows

Uninstall the Keyboard LED Service driver pack if not needed

Control Panel > Programs > Uninstall a program > Select 'Intel NUC M15 Laptop Kit Keyboard LED Service' > Uninstall

Restrict file permissions

windows

Manually set proper permissions on driver installation directories

icacls "C:\Program Files\Intel\Keyboard LED Service\*" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F" /deny "Users:(OI)(CI)F"

🧯 If You Can't Patch

Implement least privilege principles - ensure users don't have unnecessary local admin rights
Monitor for privilege escalation attempts using Windows Event Logs and EDR solutions

🔍 How to Verify

Check if Vulnerable:

Check driver version in Device Manager under 'System devices' > 'Intel NUC M15 Laptop Kit Keyboard LED Service' or check installed programs list.

Check Version:

wmic path Win32_PnPSignedDriver where "DeviceName like '%Keyboard LED%'" get DeviceName, DriverVersion

Verify Fix Applied:

Verify driver version is 1.0.0.4 or later and check file permissions on installation directory.

📡 Detection & Monitoring

Log Indicators:

Windows Security Event ID 4688 (process creation) with parent-child privilege escalation patterns
Unexpected SYSTEM privilege processes launched by standard users

Network Indicators:

No network indicators - local privilege escalation only

SIEM Query:

source="windows_security" event_id=4688 (process_name="*" AND integrity_level="System") AND user_name!="SYSTEM"

📊 Metadata

CVE ID: CVE-2021-33094

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-732

Published: November 17, 2021

Last Updated: November 21, 2024

🔗 References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00569.html Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00569.html Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-33094, you might also want to check these: