CVE-2023-24542

Vulnerability

The Intel Thunderbolt DCH drivers for Windows before version 88 contain an unquoted search path vulnerability. This occurs when the driver installer or service references a path with spaces without enclosing it in quotes, allowing an attacker to place a malicious executable in a higher-priority directory that Windows searches. Affected versions: all prior to version 88 [1].

Exploitation

An authenticated user with local access can exploit this by placing a crafted executable in a directory that will be searched before the intended file. The attacker does not need special privileges beyond standard user access. The unquoted path is used during driver installation or service startup, triggering the search order [1].

Impact

Successful exploitation allows the attacker to execute arbitrary code with elevated privileges, leading to escalation of privilege. The attacker gains the ability to run code in the context of the driver or system service, potentially compromising the entire system [1].

Mitigation

Intel has released driver version 88 to address this issue. Users should update to version 88 or later via Intel's official channels. No workarounds are documented; the fix is to apply the update. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date [1].