CVE-2023-45736
📋 TL;DR
Intel Power Gadget for Windows has insecure inherited permissions that allow authenticated local users to escalate privileges. This affects all versions of the software on Windows systems where the vulnerable component is installed. An attacker with standard user access could potentially gain higher privileges.
💻 Affected Systems
- Intel(R) Power Gadget software
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker could gain SYSTEM-level privileges, enabling complete system compromise, installation of malware, or disabling security controls.
Likely Case
Local authenticated user elevates to administrator privileges to install unauthorized software, modify system configurations, or access protected data.
If Mitigated
With proper access controls and least privilege principles, impact is limited to users who already have administrative access to affected systems.
🎯 Exploit Status
Exploitation requires authenticated local access. The CWE-277 classification (Insecure Inherited Permissions) suggests the vulnerability involves improper permission inheritance that can be leveraged for privilege escalation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Intel has released updated versions addressing this vulnerability
Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01037.html
Restart Required: Yes
Instructions:
1. Visit Intel Security Advisory INTEL-SA-01037.
2. Download the latest version of Intel Power Gadget.
3. Uninstall the current version.
4. Install the updated version.
5. Restart the system.
🔧 Temporary Workarounds
Remove Intel Power Gadget
Windows: Uninstall Intel Power Gadget software if not required for system functionality.
Control Panel > Programs > Uninstall a program > Select Intel Power Gadget > Uninstall
Restrict Access Permissions
Windows: Manually adjust file and folder permissions for the Intel Power Gadget installation to restrict access.
icacls "C:\Program Files\Intel\Power Gadget" /inheritance:r /grant:r "SYSTEM:(OI)(CI)F" "Administrators:(OI)(CI)F" "Users:(OI)(CI)RX"
🧯 If You Can't Patch
- Remove Intel Power Gadget software from all systems where it is not essential
- Implement strict access controls and monitor for privilege escalation attempts on systems with the software installed
🔍 How to Verify
Check if Vulnerable:
Check if Intel Power Gadget is installed via Control Panel > Programs and Features or using PowerShell:
Get-WmiObject -Class Win32_Product | Where-Object {$_.Name -like '*Intel*Power*Gadget*'}
Check Version:
Check program version in Control Panel or via registry:
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /s | findstr /i /r /c:"Intel.*Power Gadget"
Verify Fix Applied:
Verify the installed version matches or exceeds the patched version from Intel's advisory, and check that the software has been updated or removed
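The checks above can be combined with an audit of the permissions themselves. The following PowerShell is an added example, not code from Intel or from this page: it reads the uninstall registry keys for the product's name and version, then lists Allow entries on the install folder and its contents that give write-type rights to anyone outside an expected set of principals. The install path is assumed from the icacls workaround above, and the function names and the expected-writer list are choices made for this example.

```powershell
# Added example, not Intel's or the page author's code.
# Assumption: install path taken from the icacls workaround on this page.
$InstallDir = 'C:\Program Files\Intel\Power Gadget'

# Read the uninstall keys directly (64-bit and WOW6432Node views).
function Get-PowerGadgetInstall {
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Intel*Power*Gadget*' } |
        Select-Object DisplayName, DisplayVersion, InstallLocation
}

# Principals expected to hold write access under Program Files.
$ExpectedWriters = @(
    'S-1-5-18',      # SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER (inherit-only on default Program Files ACLs)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that allow planting or replacing files or rewriting the ACL,
# plus the raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x50000000

function Get-UnexpectedWriteAce {
    param([Parameter(Mandatory)][string]$Path)
    $children = Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue
    $items = @($Path) + @($children | ForEach-Object FullName)
    foreach ($item in $items) {
        # Explicit and inherited rules, with identities returned as SIDs.
        $rules = (Get-Acl -LiteralPath $item).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if ($ExpectedWriters -contains $rule.IdentityReference.Value) { continue }
            if (([int]$rule.FileSystemRights -band $WriteMask) -eq 0) { continue }
            [pscustomobject]@{
                Path      = $item
                Sid       = $rule.IdentityReference.Value
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

Get-PowerGadgetInstall | Format-List
if (Test-Path -LiteralPath $InstallDir) {
    Get-UnexpectedWriteAce -Path $InstallDir | Format-Table -AutoSize
}
```

An empty table means no unexpected write-capable entries were found under the assumed path; any row with Inherited set to True points at a permission coming from a parent folder.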
📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs showing privilege escalation attempts, unexpected process elevation, or unauthorized access to Intel Power Gadget files
Network Indicators:
- No network indicators as this is a local privilege escalation vulnerability
SIEM Query:
EventID=4688 AND (NewProcessName contains "powershell.exe" OR NewProcessName contains "cmd.exe") AND CommandLine contains "Intel" AND CommandLine contains "Power Gadget"