CVE-2024-28954 is a vulnerability identified in Intel Graphics Driver installers where incorrect default permissions on installer files or directories allow an authenticated user with low privileges to escalate their privileges locally. The issue arises because the installer components are accessible or modifiable by users who should not have such rights, enabling them to execute or manipulate installer processes to gain higher system privileges. The vulnerability requires local access and user interaction, with a high attack complexity, meaning an attacker must be able to log in and perform specific actions to exploit it. The CVSS 4.0 base score of 5.4 reflects a medium severity, considering the need for authentication and user interaction but the significant impact on system integrity and confidentiality if exploited. The vulnerability affects multiple versions of Intel Graphics Driver installers, though specific affected versions are not detailed here. No public exploits have been reported, but the potential for privilege escalation makes this a concern for environments where multiple users share systems or where attackers can gain initial low-level access. The vulnerability does not involve network vectors, so remote exploitation is not feasible. Intel and security agencies have published this vulnerability to encourage patching and mitigation.

If exploited, this vulnerability allows an authenticated local user to escalate their privileges, potentially gaining administrative or SYSTEM-level access. This can lead to unauthorized changes to system configurations, installation of persistent malware, or access to sensitive data. The compromise of system integrity and confidentiality could affect endpoint security, allowing attackers to bypass security controls and maintain persistence. In enterprise environments, this could facilitate lateral movement or privilege escalation after an initial foothold. Although remote exploitation is not possible, environments with shared access or weak user account controls are at higher risk. The impact extends to any organization using Intel Graphics Drivers on Windows systems, including corporate, government, and critical infrastructure sectors. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers often target such vulnerabilities once disclosed.

Organizations should monitor Intel's official channels for patches addressing this vulnerability and apply them promptly once available. Until patches are released, administrators should audit and restrict permissions on Intel Graphics Driver installer files and related directories to prevent unauthorized modification or execution by low-privileged users. Implementing strict access controls and using application whitelisting can reduce the risk of exploitation. Limiting local user accounts and enforcing the principle of least privilege will minimize the number of users who can exploit this vulnerability. Additionally, endpoint detection and response (EDR) solutions should be configured to detect unusual privilege escalation attempts. Regularly reviewing system logs for suspicious installer activity and educating users about the risks of executing untrusted installers can further reduce exposure.