CVE-2020-0554

Vulnerability

A race condition exists in the software installer for some Intel(R) Wireless Bluetooth(R) products on Windows 7, 8.1, and 10 [1]. This flaw occurs during the installation process and stems from the way the installer handles file operations or permissions, allowing a window of opportunity for an unprivileged attacker to interfere. The affected products include select Intel Wireless Bluetooth adapters and their accompanying driver/software packages as detailed in Intel Security Advisory SA-00337 [1].

Exploitation

An attacker must have local access to the target Windows system and be able to execute code during the software installation process [1]. The exploit requires precise timing to trigger the race condition, potentially by creating a symbolic link or manipulating files in the installation directory while the installer is running. No authentication beyond a standard user account is needed, making this a locally exploitable vulnerability [1].

Impact

Successful exploitation allows an unprivileged user to escalate their privileges on the system [1]. The attacker could gain elevated access, potentially leading to complete control over the affected system, including the ability to install programs, modify data, or create new accounts with full user rights. The confidentiality, integrity, and availability of the system may all be compromised [1].

Mitigation

Intel released a software update to address this vulnerability. Affected users should update the Intel Wireless Bluetooth software to the latest version provided by their system manufacturer or Intel as outlined in Intel-SA-00337 [1]. The official advisory dated August 13, 2020, contains specific version information. No workarounds are listed; updating is the recommended mitigation [1].