CVE-2024-21784
📋 TL;DR
This vulnerability in Intel IPP Cryptography software allows authenticated local users to escalate privileges by manipulating the DLL search path. It affects systems running vulnerable versions of Intel IPP Cryptography software before version 2021.11.
💻 Affected Systems
- Intel IPP Cryptography software
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker could gain SYSTEM/root privileges on the affected system, potentially leading to complete system compromise.
Likely Case
Local authenticated users could elevate their privileges to administrator/root level on the system.
If Mitigated
With proper access controls and patching, the risk is limited to authorized users who already have some system access.
🎯 Exploit Status
Exploitation requires local authenticated access and knowledge of DLL search path manipulation techniques.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2021.11 or later
Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01114.html
Restart Required: Yes
Instructions:
1. Download Intel IPP Cryptography version 2021.11 or later from Intel's website. 2. Uninstall the vulnerable version. 3. Install the updated version. 4. Restart the system.
🔧 Temporary Workarounds
Restrict DLL search path
allConfigure system to restrict DLL search path to trusted directories only
Windows: Use Group Policy to set SafeDllSearchMode=1
Linux: Set LD_LIBRARY_PATH to trusted directories only
Remove vulnerable software
allUninstall Intel IPP Cryptography software if not required
Windows: Control Panel > Programs > Uninstall Intel IPP Cryptography
Linux: sudo apt-get remove ipp-crypto (or equivalent package manager command)
🧯 If You Can't Patch
- Implement strict access controls to limit local authenticated users
- Monitor for suspicious DLL loading behavior and privilege escalation attempts
🔍 How to Verify
Check if Vulnerable:
Check Intel IPP Cryptography version - if below 2021.11, system is vulnerableCheck Version:
Windows: Check installed programs list. Linux: rpm -qa | grep ipp-crypto or dpkg -l | grep ipp-cryptoVerify Fix Applied:
Verify Intel IPP Cryptography version is 2021.11 or higher📡 Detection & Monitoring
Log Indicators:
- Unexpected DLL loading from non-standard paths
- Privilege escalation attempts
- Process execution with elevated privileges
Network Indicators:
- Not applicable - local vulnerability
SIEM Query:
Process creation events where parent process is Intel IPP software and child process has elevated privileges