CVE-2024-21774

6.7 MEDIUM

📋 TL;DR

This vulnerability in Intel Processor Identification Utility software allows authenticated local users to escalate privileges by exploiting an uncontrolled search path (DLL hijacking). It affects users running vulnerable versions of the utility on Windows systems.

💻 Affected Systems

Products:
  • Intel Processor Identification Utility
Versions: before 6.10.34.1129 (6.x) and before 7.1.6 (7.x)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where the Intel Processor Identification Utility is installed. Requires authenticated local user access.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker could gain SYSTEM/administrator privileges on the affected system, enabling complete system compromise, data theft, and persistence.

🟠 Likely Case

Local authenticated users could elevate their privileges to administrator level, allowing them to install malware, modify system settings, or access restricted data.

🟢 If Mitigated

With proper access controls and patching, the risk is limited to authorized users who already have some level of system access.

🌐 Internet-Facing: LOW - This requires local authenticated access and cannot be exploited remotely over the internet.
🏢 Internal Only: MEDIUM - Internal users with authenticated access could exploit this for privilege escalation, but it requires local execution.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated local access and knowledge of DLL hijacking techniques. No public exploit code has been reported.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 6.10.34.1129 or later, Version 7.1.6 or later

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01054.html

Restart Required: No

Instructions:

  1. Download the latest version from Intel's website.
  2. Uninstall the current version.
  3. Install the patched version.
  4. Verify the installation is complete.

🔧 Temporary Workarounds

Remove vulnerable software (Windows)

Uninstall Intel Processor Identification Utility if not required:

Control Panel > Programs > Uninstall a program > Select Intel Processor Identification Utility > Uninstall

Restrict write permissions (Windows)

Prevent users from writing to directories where the utility searches for DLLs

🧯 If You Can't Patch

  • Remove Intel Processor Identification Utility from systems where it's not essential
  • Implement strict access controls to limit which users can execute the utility

🔍 How to Verify

Check if Vulnerable:

Check the installed version of Intel Processor Identification Utility via Control Panel > Programs or by running the utility and checking the About section.

Check Version:

Not applicable - check via GUI or registry: HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Processor Identification Utility

Verify Fix Applied:

Verify the installed version is 6.10.34.1129 or later (for version 6.x) or 7.1.6 or later (for version 7.x).
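
The version check above can be scripted. The PowerShell below is an added example, not code from Intel or from this page; it assumes the utility registers under the standard Windows Uninstall registry keys with a DisplayName containing "Processor Identification Utility", and the function name Get-PiuStatus is hypothetical.

```powershell
# Added example: classify installed Intel Processor Identification Utility
# versions against the fixed releases listed in this advisory.

# Fixed releases from the advisory. '7.1.6' is kept three-part on purpose:
# [version]'7.1.6' sorts below [version]'7.1.6.0', so a four-part threshold
# would misreport an installed "7.1.6" as vulnerable.
$Fixed6 = [version]'6.10.34.1129'
$Fixed7 = [version]'7.1.6'

function Get-PiuStatus {
    param([Parameter(Mandatory)][string]$DisplayVersion)

    $v = $null
    if (-not [version]::TryParse($DisplayVersion.Trim(), [ref]$v)) {
        return 'Unknown (unparseable version string)'
    }
    # 7.x and later are compared with the 7.x fix; everything older with the 6.x fix.
    $threshold = if ($v.Major -ge 7) { $Fixed7 } else { $Fixed6 }
    if ($v -lt $threshold) { return "Vulnerable (below $threshold)" }
    return 'Fixed'
}

# Assumption: the product appears under the standard Uninstall keys
# (64-bit and 32-bit registry views) with the DisplayName pattern below.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Processor Identification Utility*' } |
    ForEach-Object {
        [pscustomobject]@{
            Name    = $_.DisplayName
            Version = $_.DisplayVersion
            Status  = if ($_.DisplayVersion) {
                          Get-PiuStatus -DisplayVersion $_.DisplayVersion
                      } else {
                          'Unknown (no DisplayVersion value)'
                      }
        }
    }
```

No output means no matching product entry was found under those keys; confirm through the GUI before treating the host as unaffected.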

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from Intel Processor Identification Utility
  • DLL loading from unexpected locations

Network Indicators:

  • None - this is a local privilege escalation vulnerability

SIEM Query:

Process creation where parent process contains 'Intel Processor Identification Utility' and child process has elevated privileges
