CVE-2024-24852
📋 TL;DR
This vulnerability in Intel Ethernet Adapter drivers allows authenticated local users to escalate privileges by manipulating the DLL search path during installation. It affects systems running vulnerable driver versions before 29.1. Attackers could gain SYSTEM-level access on affected Windows systems.
💻 Affected Systems
- Intel Ethernet Adapter Complete Driver Pack
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Authenticated attacker gains SYSTEM privileges, enabling complete system compromise, persistence installation, and lateral movement.
Likely Case
Malicious insider or compromised user account escalates to administrative privileges to install malware or access sensitive data.
If Mitigated
With proper privilege separation and monitoring, impact is limited to user-level compromise without escalation.
🎯 Exploit Status
DLL hijacking vulnerability requiring authenticated user to trigger installation or have write access to search paths.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 29.1 or later
Vendor Advisory: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01144.html
Restart Required: Yes
Instructions:
1. Download Intel Ethernet Adapter Complete Driver Pack version 29.1 or later from the Intel website.
2. Run the installer with administrative privileges.
3. Follow the on-screen instructions.
4. Restart the system when prompted.
🔧 Temporary Workarounds
Restrict DLL search paths
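Windows: Use Windows policies to restrict DLL search order and prevent loading from untrusted directories. SafeDllSearchMode moves the current working directory behind the system directories in the search order; it is enabled by default, so the command below re-asserts the setting where it has been turned off.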
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v SafeDllSearchMode /t REG_DWORD /d 1 /f
Remove vulnerable drivers
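Windows: Uninstall vulnerable driver versions if not required for system functionality. Replace oem#.inf with the published name of the driver package, as shown in the dism driver listing.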
pnputil /delete-driver oem#.inf /uninstall
dism /online /get-drivers /format:table
🧯 If You Can't Patch
- Implement least privilege - ensure users don't have administrative rights or write access to system directories.
- Monitor for suspicious DLL loading events and installation attempts using Windows Event Logs or EDR solutions.
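An added example for the least-privilege check above (not from Intel's advisory or this page's source): a PowerShell audit that lists machine-wide PATH directories, which are part of the DLL search order, where broad groups hold write rights. The list of broad SIDs is an assumption; extend it with your own domain groups.

```powershell
# Added example: flag machine PATH directories writable by broad principals.
# Assumption: these well-known SIDs are the "non-admin" groups of interest.
$broadSids = 'S-1-1-0',      # Everyone
             'S-1-5-11',     # Authenticated Users
             'S-1-5-32-545', # BUILTIN\Users
             'S-1-5-4'       # INTERACTIVE

# WriteData/CreateFiles (0x2), AppendData (0x4), GENERIC_WRITE, GENERIC_ALL.
# Modify, Write and FullControl all contain the first two bits.
$writeBits = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000

$dirs = [Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';' |
    Where-Object { $_ } |
    ForEach-Object { [Environment]::ExpandEnvironmentVariables($_).Trim('"') } |
    Select-Object -Unique

foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        # A missing entry deserves review: anyone with write access to its
        # parent can create it and place files on the search path.
        [pscustomobject]@{ Directory = $dir; Principal = '-'; Rights = 'MISSING' }
        continue
    }
    foreach ($rule in (Get-Acl -LiteralPath $dir).Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (([int]$rule.FileSystemRights -band $writeBits) -eq 0) { continue }
        try {
            $sid = $rule.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            continue  # unresolvable account: skip rather than guess
        }
        if ($broadSids -contains $sid) {
            [pscustomobject]@{
                Directory = $dir
                Principal = $rule.IdentityReference.Value
                Rights    = $rule.FileSystemRights
            }
        }
    }
}
```

An empty result means none of the listed groups can write to a machine PATH directory; any row returned is a directory whose ACL should be tightened.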
🔍 How to Verify
Check if Vulnerable:
Check driver version in Device Manager under Network adapters > Intel Ethernet adapter > Driver tab, or run: pnputil /enum-drivers | findstr "Intel Ethernet"
Check Version:
pnputil /enum-drivers | findstr /i "intel ethernet"
Verify Fix Applied:
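Verify that the driver version is 29.1 or higher in Device Manager, or run the following from an elevated PowerShell prompt. The filter uses ProviderName and ClassName because the Driver property holds only the published name (oem#.inf):
Get-WindowsDriver -Online | Where-Object { $_.ProviderName -like "*Intel*" -and $_.ClassName -eq "Net" } | Select-Object Driver, OriginalFileName, ProviderName, Version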
📡 Detection & Monitoring
Log Indicators:
- Event ID 7045: Service installation
- DLL loading from unusual paths
- Privilege escalation attempts
Network Indicators:
- Unusual outbound connections post-privilege escalation
SIEM Query:
source="windows" ((event_id=7045 AND service_name="*Intel*Ethernet*") OR (event_id=4688 AND process_name="*setup*.exe" AND command_line="*Intel*Ethernet*"))