CVE-2024-35245
📋 TL;DR
This vulnerability in Intel PROSet/Wireless WiFi software allows authenticated local users to escalate privileges by exploiting an uncontrolled search path element. It affects Windows systems running vulnerable versions of Intel wireless software. Attackers could gain higher system privileges than intended.
💻 Affected Systems
- Intel(R) PROSet/Wireless WiFi software
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Authenticated attacker gains SYSTEM/administrator privileges, enabling complete system compromise, persistence installation, and lateral movement.
Likely Case
Local user with standard privileges escalates to administrator to install malware, modify system settings, or access restricted data.
If Mitigated
With proper access controls and patching, impact limited to isolated systems with minimal business disruption.
🎯 Exploit Status
Requires authenticated local access and knowledge of DLL hijacking techniques. No public exploits known as of advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 23.60 or later
Vendor Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01167.html
Restart Required: Yes
Instructions:
1. Download Intel PROSet/Wireless WiFi software version 23.60 or later from Intel website
2. Run installer with administrative privileges
3. Follow on-screen instructions
4. Restart system when prompted
🔧 Temporary Workarounds
Restrict DLL search path
windowsConfigure Windows to restrict DLL search path using SafeDllSearchMode or SetDefaultDllDirectories
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v SafeDllSearchMode /t REG_DWORD /d 1 /f
Remove vulnerable software
windowsUninstall Intel PROSet/Wireless WiFi software if not required
appwiz.cpl
Select Intel PROSet/Wireless WiFi software and click Uninstall
🧯 If You Can't Patch
- Restrict local user access to systems with vulnerable software
- Implement application whitelisting to prevent unauthorized DLL loading
🔍 How to Verify
Check if Vulnerable:
Check Intel PROSet/Wireless WiFi software version in Control Panel > Programs and FeaturesCheck Version:
wmic product where "name like 'Intel%PROSet%Wireless%'" get versionVerify Fix Applied:
Verify installed version is 23.60 or later in Programs and Features📡 Detection & Monitoring
Log Indicators:
- Unusual DLL loading from non-standard paths
- Process creation with unexpected parent-child relationships
- Windows Event ID 4688 with suspicious command lines
Network Indicators:
- Not applicable - local privilege escalation
SIEM Query:
EventID=4688 AND (CommandLine LIKE "%rundll32%" OR CommandLine LIKE "%regsvr32%") AND ParentImage LIKE "%Intel%Wireless%"