CVE-2024-36291

6.7 MEDIUM

📋 TL;DR

This vulnerability in Intel Chipset Software Installation Utility allows authenticated local users to escalate privileges by manipulating the search path. It affects systems running vulnerable versions of the utility, primarily impacting Windows environments where this Intel software is installed.

💻 Affected Systems

Products:
  • Intel(R) Chipset Software Installation Utility
Versions: All versions before 10.1.19867.8574
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where Intel Chipset Software Installation Utility is installed. Many systems may have this utility installed by OEMs or during driver updates.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker could gain SYSTEM/administrator privileges, potentially leading to complete system compromise, data theft, or installation of persistent malware.

🟠 Likely Case

Local authenticated users (including low-privilege accounts) could elevate to administrator privileges to bypass security controls or install unauthorized software.

🟢 If Mitigated

With proper access controls and patching, the risk is limited to authorized users who would need physical or remote desktop access to the system.

🌐 Internet-Facing: LOW - Exploitation requires local authenticated access; it is not directly exploitable over the internet.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this, but exploitation requires authenticated access to the vulnerable system.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated local access and knowledge of DLL search order hijacking techniques. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.1.19867.8574 or later

Vendor Advisory: https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01184.html

Restart Required: Yes

Instructions:

  1. Download the latest Intel Chipset Software Installation Utility from Intel's website.
  2. Uninstall the current version.
  3. Install the updated version 10.1.19867.8574 or later.
  4. Restart the system.

🔧 Temporary Workarounds

Restrict local access (Windows)

Limit physical and remote desktop access to trusted users only.

Remove vulnerable utility (Windows)

Uninstall Intel Chipset Software Installation Utility if it is not required:

Control Panel > Programs > Uninstall a program > Select 'Intel(R) Chipset Software Installation Utility' > Uninstall

🧯 If You Can't Patch

  • Implement strict access controls to limit who has local login privileges
  • Monitor for privilege escalation attempts and unusual process behavior

🔍 How to Verify

Check if Vulnerable:

Look for 'Intel(R) Chipset Software Installation Utility' in the installed programs list; the system is vulnerable if the version is below 10.1.19867.8574.

Check Version:

wmic product where "name like 'Intel%%Chipset%%Software%%Installation%%Utility'" get version

Verify Fix Applied:

Confirm the utility version is 10.1.19867.8574 or later in installed programs list
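
The same check as a script, added here as an example and not taken from Intel or from this page's source: it reads the Uninstall registry keys rather than calling wmic product, because that query goes through Win32_Product, which runs a Windows Installer consistency check on every MSI package, and WMIC itself is deprecated. It assumes the utility registers a standard Uninstall entry whose DisplayName matches the product name listed above; the function name Get-ChipsetUtilityStatus is hypothetical.

```powershell
# Added example: compare the installed utility version with the fixed build.
# Assumption: the product writes a standard Uninstall entry whose DisplayName
# matches the product name given on this page.
$FixedVersion = [version]'10.1.19867.8574'
$NamePattern  = 'Intel*Chipset*Software*Installation*Utility*'

# 64-bit and 32-bit (WOW6432Node) views of the per-machine Uninstall key.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-ChipsetUtilityStatus {
    param([version]$Fixed = $FixedVersion)

    $entries = @(Get-ItemProperty -Path $UninstallRoots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern })

    if ($entries.Count -eq 0) {
        Write-Host 'No matching Uninstall entry found; utility does not appear to be installed.'
        return
    }

    foreach ($entry in $entries) {
        # DisplayVersion may be missing or not a dotted version; do not guess.
        $parsed = $null
        $ok = [version]::TryParse([string]$entry.DisplayVersion, [ref]$parsed)

        if (-not $ok)                { $status = 'UNKNOWN (version not parsable)' }
        elseif ($parsed -lt $Fixed)  { $status = 'VULNERABLE' }
        else                         { $status = 'FIXED' }

        [pscustomobject]@{
            Name    = $entry.DisplayName
            Version = $entry.DisplayVersion
            Fixed   = $Fixed.ToString()
            Status  = $status
            Key     = $entry.PSChildName
        }
    }
}

Get-ChipsetUtilityStatus | Format-Table -AutoSize
```

An UNKNOWN result means the entry exists but its version string needs to be checked by hand against 10.1.19867.8574.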

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing privilege escalation, unusual process creation from chipset utility paths
  • Security logs showing users gaining higher privileges unexpectedly

Network Indicators:

  • No network indicators - this is a local privilege escalation

SIEM Query:

EventID=4688 AND (ProcessName LIKE '%infinst.exe%' OR ProcessName LIKE '%IntelChipset%') AND (NewProcessName LIKE '%cmd.exe%' OR NewProcessName LIKE '%powershell.exe%')
