The Intel Support Assistant utility was found to be vulnerable to privilege escalation through file manipulation and symbolic links, putting millions of Windows users at risk.
The Intel Support Assistant was found to interact insecurely with nonprivileged data and directories, giving attackers the ability to execute code as privileged programs by modifying a nonprivileged file.
The attack only requires an attacker or malware to copy malicious code to a directory used by Intel Support Assistant, the issues with permissions allow for higher privileged actions that aren’t accessible by standard user accounts.
Intel released a patch (November 10th). It is imperative that those who haven’t updated do so immediately.
Source: DARK reading