The Intel Support Assistant utility was found to be vulnerable to privilege escalation through file manipulation and symbolic links, putting millions of Windows users at risk.
The impact:
The Intel Support Assistant was found to interact insecurely with nonprivileged data and directories, giving attackers the ability to execute code as privileged programs by modifying a nonprivileged file.
The attack only requires an attacker or malware to copy malicious code to a directory used by Intel Support Assistant, the issues with permissions allow for higher privileged actions that aren’t accessible by standard user accounts.
The remediation:
Intel released a patch (November 10th). It is imperative that those who haven’t updated do so immediately.
Source: DARK reading