CVE-2024-28952

6.7 MEDIUM

📋 TL;DR

This vulnerability in Intel IPP software for Windows allows authenticated local users to escalate privileges by manipulating the DLL search path. It affects systems running vulnerable versions of Intel IPP software on Windows platforms.

💻 Affected Systems

Products:
  • Intel Integrated Performance Primitives (IPP) software
Versions: All versions before 2021.12.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires local authenticated access to the Windows system where Intel IPP is installed.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker gains SYSTEM/administrator privileges, enabling complete system compromise, data theft, and persistence mechanisms.

🟠 Likely Case

Local authenticated users escalate to higher privileges, potentially installing malware, accessing sensitive data, or bypassing security controls.

🟢 If Mitigated

With proper access controls and patching, risk is limited to authorized users who would need to bypass additional security measures.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local authenticated access and knowledge of DLL hijacking techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2021.12.0 or later

Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01140.html

Restart Required: Yes

Instructions:

1. Download Intel IPP version 2021.12.0 or later from Intel's website.
2. Uninstall previous versions.
3. Install the updated version.
4. Restart the system.

🔧 Temporary Workarounds

Restrict DLL search path (Windows)

Configure Windows to use SafeDllSearchMode and restrict DLL loading from the current directory:

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v SafeDllSearchMode /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v CWDIllegalInDllSearch /t REG_DWORD /d 0xffffffff /f

🧯 If You Can't Patch

  • Implement strict access controls to limit local authenticated users
  • Monitor for suspicious DLL loading behavior and privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check the Intel IPP version via Control Panel > Programs and Features, or with the 'wmic product get name,version' command.

Check Version:

wmic product where "name like '%Intel%Performance%Primitives%'" get name,version

Verify Fix Applied:

Verify that the installed Intel IPP version is 2021.12.0 or later.
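
The version check and the two workaround registry values can be audited in one read-only pass. The script below is an added example, not part of Intel's advisory or this page's original content; it assumes the installer registers under the standard Uninstall registry keys and reuses the display-name wildcard from the wmic filter above.

```powershell
# Added example: read-only exposure check for CVE-2024-28952. Changes nothing on the host.
$FixedVersion = [version]'2021.12.0'   # first fixed release according to this page

# Assumption: the installer registers under the standard Uninstall keys.
# Reading them avoids Win32_Product / 'wmic product', which runs an MSI
# consistency check against every installed package.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Intel*Performance*Primitives*' }

$versionReport = foreach ($entry in $installed) {
    # DisplayVersion may carry a fourth build component; [version] compares it correctly.
    $parsed = $null
    if (-not [version]::TryParse([string]$entry.DisplayVersion, [ref]$parsed)) {
        $status = 'UNKNOWN (unparsable version, check manually)'
    } elseif ($parsed -lt $FixedVersion) {
        $status = 'VULNERABLE (before 2021.12.0)'
    } else {
        $status = 'FIXED'
    }
    [pscustomobject]@{ Name = $entry.DisplayName; Version = $entry.DisplayVersion; Status = $status }
}

# State of the two values written by the 'reg add' workaround commands on this page.
$smPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$sm = Get-ItemProperty -Path $smPath
$workaroundReport = foreach ($name in 'SafeDllSearchMode', 'CWDIllegalInDllSearch') {
    $value = $sm.$name
    if ($null -eq $value) { $data = 'not set' } else { $data = '0x{0:x8}' -f $value }
    [pscustomobject]@{ Value = $name; Data = $data }
}

if (-not $installed) { Write-Output 'No Intel IPP entry found in the Uninstall keys.' }
$versionReport    | Format-Table -AutoSize
$workaroundReport | Format-Table -AutoSize
```

A `not set` result for SafeDllSearchMode means the Windows default applies, which is safe search mode enabled; `not set` for CWDIllegalInDllSearch means the workaround has not been applied.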

📡 Detection & Monitoring

Log Indicators:

  • Windows Event ID 4688 (process creation) showing unexpected DLL loads
  • Security logs showing privilege escalation attempts

Network Indicators:

  • Not applicable - local privilege escalation

SIEM Query:

EventID=4688 AND (ProcessName="*.exe" AND CommandLine="*DLL*" AND User!="SYSTEM")
