Note: this blog is now retired since the download URL for the Intel DTT drivers is no longer available and I could not find an alternative. The text and scripts remain for reference only.
I’ve never been a fan of security – I see it as nothing more than a necessary evil. I don’t lock the door and close the windows when I leave the house because I want to, only because I need to for security. Even so, I appreciate everyone who works hard to keep the bad guys away, and in the corporate IT landscape the need to be secure is greater than ever.
We use Tenable Nessus for vulnerability scanning, and an Intel Dynamic Tuning Technology vulnerability was recently flagged for attention, so after some research I prepared an Intune remediation to deal with this.
If you haven’t seen it, you can find more details on this here:
https://www.tenable.com/plugins/nessus/180052
https://nvd.nist.gov/vuln/detail/CVE-2022-29470
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00875.html
Long story short, if you have Intel DTT drivers installed prior to version 8.7.10400.15482 you’re vulnerable to a potential escalation of privilege. Note that this driver previously existed as “Intel(R) Dynamic Platform & Thermal Framework” which is why some of the driver files still start with “dptf”
To detect, the remediation simply checks whether you have a driver installed below the patched version.
To fix, the remediation downloads the drivers from Intel, installs them using pnputil.exe (if no patched driver versions currently exist), and then removes any older versions.
The remediation script is installing the version available at the time of writing – do check the Intel page here in case of newer versions becoming available.
You can find the remediation scripts here:
https://github.com/SMSAgentSoftware/MEM/tree/main/Proactive%20remediations/CVE-2022-29470
