Synaptics Audio Driver
cpe:2.3:a:synaptics:smart_audio_uwp:*:*:*:*:*:*:*
- ~9.0.282
- ~9.0.285
- ~9.0.278
- 1.4.0.80
A privilege escalation vulnerability has been identified in the Synaptics audio drivers, specifically in the CxUIUSvc64.exe and CxUIUSvc32.exe components. This vulnerability allows a local authorized attacker to load a DLL into a privileged process. The issue arises because the CxUIUSvc service creates a named pipe without proper security restrictions, enabling any user to send data that can be used to execute malicious DLLs with elevated privileges.
Exploitation of this vulnerability allows for unauthorized elevation of privileges by loading a malicious DLL into a process with elevated rights, where it can be executed with higher permissions.
To reproduce this vulnerability, a local authenticated user can create a pipe client that connects to the named pipe established by the CxUIUSvc service. Once connected, the client can send a message containing the path to a malicious DLL. The service will then load this DLL into a privileged process, effectively exploiting the vulnerability.
Users are advised to uninstall the End-of-Life Synaptics audio drivers that include CxUIUSvc64.exe or CxUIUSvc32.exe.
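To find hosts that still carry the affected components, the following added example (not part of the original advisory or any Synaptics tooling) lists Windows services whose image is CxUIUSvc64.exe or CxUIUSvc32.exe and reports the file version. Only the two file names come from the advisory; the helper name `Get-ImagePath` and the output layout are assumptions made for illustration.

```powershell
# Added example: inventory check for the affected Synaptics service binaries.
# Only the two file names below come from the advisory.
$affected = 'CxUIUSvc64.exe', 'CxUIUSvc32.exe'

# Hypothetical helper: extract the executable path from Win32_Service.PathName,
# which may be quoted and may carry command-line arguments.
function Get-ImagePath {
    param([string]$PathName)
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $PathName
}

$findings = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    if (-not $svc.PathName) { continue }
    $image = Get-ImagePath $svc.PathName
    # -notcontains compares case-insensitively, matching Windows file names.
    if ($affected -notcontains (Split-Path -Path $image -Leaf)) { continue }

    $version = $null
    if (Test-Path -LiteralPath $image) {
        $version = (Get-Item -LiteralPath $image).VersionInfo.FileVersion
    }

    [pscustomobject]@{
        Service   = $svc.Name
        State     = $svc.State
        StartMode = $svc.StartMode
        Account   = $svc.StartName   # account the service runs as
        Image     = $image
        Version   = $version
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning 'Affected Synaptics audio service present; the advisory recommends uninstalling the End-of-Life driver.'
} else {
    Write-Output 'No service running CxUIUSvc64.exe or CxUIUSvc32.exe was found.'
}
```

The `Account` column shows the privilege level a loaded DLL would inherit, which helps prioritise removal across a fleet.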