CVE-2023-25779

Vulnerability

An uncontrolled search path element exists in Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88. This vulnerability allows the driver to load a DLL from an untrusted directory, potentially enabling privilege escalation. Affected versions are all prior to version 88. [1]

Exploitation

An attacker with local access and valid authentication can exploit this by placing a malicious DLL in a directory that is searched by the driver's loader. When the driver loads, it will load the attacker's DLL instead of the legitimate one, executing arbitrary code in the context of the driver. No user interaction beyond the attacker's own actions is required. [1]

Impact

Successful exploitation allows the attacker to execute arbitrary code with elevated privileges, potentially gaining SYSTEM-level access. This results in a complete compromise of confidentiality, integrity, and availability of the affected system. [1]

Mitigation

Intel has released version 88 of the Thunderbolt DCH drivers, which addresses the uncontrolled search path element. Users should update to version 88 or later. The advisory is available at [1]. No workarounds are documented.