
This post focuses on two vulnerabilities the CyberArk Labs team uncovered in the Intel Support Assistant that affected the millions of Windows machines that run this software. The first vulnerability is an arbitrary file deletion, which is quite common among update-related programs, and the second is an easy full privilege escalation vulnerability that allows you to run code as NT AUTHORITY\SYSTEM. These vulnerabilities have since been disclosed and Intel has issued a fix. While both vulnerabilities can lead to a full privilege escalation, for the purposes of this blog, we’ll focus on the arbitrary delete vulnerability as it is a bit more complex. We will also touch on the second, which is a trivial arbitrary write with arbitrary content vulnerability.

This is the fourth part of the research series – you can read part 1, part 2, part 3 and part 4 on the CyberArk Threat Research Blog.

Intel Support Assistant exposes the local Windows machine to privilege escalation. By running a non-privileged software, or by going to. The Intel Support Assistant, as its name states, is software that is designed to assist the local user in finding missing drivers and providing updates upon release. To do so, it must run in a privileged context so that it can install new software on the system. As a result, we should expect a service or some other kind of privileged software that will do that. Examining this further, the architecture is rather complicated. There are four processes, two services and two helper programs, that are responsible for the whole shebang.

Notice the integrity level of the first two processes. The first and most important service is the DSAService, which essentially acts as a manager. It is responsible for downloading the new software, installing drivers, and monitoring existing products. Another privileged component is the DSAUpdateService, which runs and installs new patches, as we will discuss later. The bottom two are responsible for user interaction. You, as a regular user, can run the DSATray.exe client, which will initiate the beginning of an update session on the local machine. Besides that, DSATray will fire the process DSATray.exe, which will open a browser window and display the following: Figure 2.
