CVE-2024-33220

8.8 HIGH

📋 TL;DR

This vulnerability allows attackers to escalate privileges and execute arbitrary code by sending crafted IOCTL requests to the AslO3_64.sys driver in ASUSTeK AISuite3. It affects users running AISuite3 version 3.03.36 on Windows systems. Attackers can gain SYSTEM-level privileges from a lower-privileged account.

💻 Affected Systems

Products:
  • ASUSTeK Computer Inc AISuite3
Versions: v3.03.36
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the AslO3_64.sys driver to be loaded, which typically occurs when AISuite3 is running.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with SYSTEM privileges, enabling installation of persistent malware, data theft, and lateral movement across the network.

🟠 Likely Case

Local privilege escalation allowing attackers to bypass security controls, install additional malware, or access protected system resources.

🟢 If Mitigated

Limited impact if proper endpoint protection detects and blocks malicious IOCTL requests or if the vulnerable driver is not loaded.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring local access to the system.
🏢 Internal Only: HIGH - Malicious insiders or compromised accounts can exploit this to gain full system control.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Public exploit code is available on GitHub. Exploitation requires local access but is straightforward once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Unknown

Restart Required: No

Instructions:

Check ASUSTeK support for updated AISuite3 version. Uninstall AISuite3 if not needed. Monitor vendor announcements for patches.

🔧 Temporary Workarounds

Disable or Remove AISuite3

Platform: Windows

Uninstall AISuite3 to remove the vulnerable driver from the system.

Control Panel > Programs > Uninstall AISuite3

Block Driver Loading

Platform: Windows

Use Windows Group Policy or Device Guard to block loading of AslO3_64.sys.

Use Windows Security Policy or PowerShell to configure driver block rules

🧯 If You Can't Patch

  • Restrict local access to systems running AISuite3 through strict access controls and privilege management.
  • Implement endpoint detection and response (EDR) solutions to monitor for suspicious IOCTL requests and privilege escalation attempts.

🔍 How to Verify

Check if Vulnerable:

Check if AslO3_64.sys driver is present in C:\Windows\System32\drivers\ or similar location, and verify AISuite3 version is 3.03.36.

Check Version:

Check AISuite3 version in Control Panel > Programs or via vendor documentation.

Verify Fix Applied:

Confirm AslO3_64.sys driver is removed or updated to a non-vulnerable version, and AISuite3 is either uninstalled or updated.
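The verification steps above can be scripted for a fleet check. The following PowerShell is an added example, not vendor or advisory code; the `DisplayName` pattern and the assumption that the installer records its version as `3.03.36` in `DisplayVersion` are guesses to adjust for your environment.

```powershell
# Added example: inventory AslO3_64.sys and AISuite3 on the local host.
$driverFile  = 'AslO3_64.sys'     # driver file name from the advisory
$affected    = '3.03.36'          # affected version from the advisory
$namePattern = 'AI\s?Suite\s?3'   # assumption: how the product appears in DisplayName

# 1. Registered kernel drivers whose image path ends in the file name, wherever it lives.
$services = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -like "*$driverFile" }

# 2. Copies on disk: the default driver directory plus every registered image path.
$paths = @(Join-Path $env:SystemRoot "System32\drivers\$driverFile")
foreach ($s in @($services)) { $paths += $s.PathName -replace '^\\\?\?\\', '' }
$files = $paths | Sort-Object -Unique |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    ForEach-Object {
        $item = Get-Item -LiteralPath $_
        [pscustomobject]@{
            Path        = $item.FullName
            FileVersion = $item.VersionInfo.FileVersion
            SHA256      = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
            Signer      = (Get-AuthenticodeSignature -LiteralPath $item.FullName).SignerCertificate.Subject
        }
    }

# 3. Installed product entries from the 64-bit and 32-bit uninstall keys.
$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
$products = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $namePattern } |
    Select-Object DisplayName, DisplayVersion

# 4. One summary object per host, suitable for Export-Csv or remote collection.
[pscustomobject]@{
    ComputerName     = $env:COMPUTERNAME
    DriverRegistered = [bool]$services
    DriverRunning    = [bool]($services | Where-Object State -eq 'Running')
    DriverFiles      = $files
    Products         = $products
    # Assumption: DisplayVersion contains the version string exactly as the advisory writes it.
    AffectedVersion  = [bool]($products | Where-Object { $_.DisplayVersion -like "*$affected*" })
}
```

Because no patched version is listed, treat any host where `DriverRegistered` is true or `DriverFiles` is non-empty as needing review, regardless of the `AffectedVersion` result.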

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing suspicious driver activity or privilege escalation events
  • Security logs indicating unusual IOCTL requests to AslO3_64.sys

Network Indicators:

  • Not applicable - local exploitation only

SIEM Query:

Search for events related to AslO3_64.sys driver loading or unusual process creation with SYSTEM privileges.
