Mistakes were Made | Intel Privilege Escalation
Posted by Michael on 16/01/2020Intel is a very large corporation most known for their processors. A recent flaw within Intel’s ‘VTune Profiler’ software could enable anyone to upgrade their privileges if exploited correctly. This software is a performance monitoring & analysis application mainly used for serial and multi threaded application developers.
This application supports Windows, Linux and MacOS. The affected version of the software for Windows is before update 8 are affected.
“Improper access control in driver for Intel VTune Amplifier for Windows before update 8 may allow an authenticated user to potentially enable escalation of privilege via local access,”
The severity of the vulnerability found in ‘VTune Profiler’ has a CVSS score of 8.2 out of 10; this CVSS score is rated at a high severity. Intel urges users to update their software as soon as they can.
Other flaws Intel has patched address ‘medium’ risk vulnerabilities and a single ‘low’ risk vulnerability. The vulnerabilities found are all affecting Intel differently. One of the ‘medium’ risk vulnerabilities cause denial-of-service attacks (CVE-2019-14615), two ‘medium’ risk may cause elevation of privileges (CVE-2019-14600, CVE-2019-14601), the ‘low’ risk vulnerability can cause information disclosure (CVE-2019-14629).
These vulnerabilities are not rated at high or critical but are yet still vulnerabilities and should be treated as such. Any flaw could aid an attacker in numerous ways, and it is recommended to keep your system up-to-date.