Intel Rapid Storage app bug lets malware evade AV

News
By published

DLL hijacking vulnerability could let hackers bypass antivirus engines

(Image credit: Shutterstock)

SafeBreach labs has discovered a vulnerability in Intel Rapid Storage Technology (Intel RST) that could allow malicious programs to bypass antivirus software.

Researchers from the firm discovered that in older versions of the software, the IAStorDataMGRSvc.exe executable will try to load four DLLs (Dynamic-link libraries) from the Intel Rapid Storage Technology folder on a user's C drive.

However, these DLLs do not exist in the same folder as the program's executable which means that  IAStorDataMGRSvc.exe will instead try and load these DLLs from other folders on a user's computer.

SafeBreach took advantage of this to create their own custom DLL that is loaded once IAStorDataMGRSvc.exe starts. Since this executable runs with system privileges, the researchers' DLL is loaded with the same privileges and thus has full access to the computer.

Intel Rapid Storage Technology flaw

The vulnerability SafeBreach discovered cannot be exploited by an attacker for privilege escalation since it requires administrative privileges to create a custom DLL in the first place.

However, the vulnerability could be used by an attacker to bypass antivirus scanning engines as the custom DLL will be loaded by the trusted Intel application.

SafeBreach researcher Peleg Hadar explained to BleepingComputer how an attacker could leverage this vulnerability, saying:

"An attacker can evade the antivirus by running within the context of Intel and perform malicious actions. Tested, and it works, very interesting and useful technique."

SafeBreach first reported the vulnerability to Intel back in July and the chipmaker has since released updated versions of its Intel Rapid Storage Technology software that patch the issue. It is recommended that users running older versions of Intel RST update their software to the latest version to prevent falling victim to any attacks that exploit this vulnerability.

Via BleepingComputer

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Latest in News
Buzz Lightyear Space Ranger Spin Rennovations
Disney’s giving a classic Buzz Lightyear ride a tech overhaul – here's everything you need to know
Hisense U8 series TV on wall in living room
Hisense announces 2025 mini-LED TV lineup, with screen sizes up to 100 inches – and a surprising smart TV switch
Nintendo Music teaser art
Nintendo Music expands its library with songs from Kirby and the Forgotten Land and Tetris
Opera AI Tabs
Opera's new AI feature brings order to your browser tab chaos
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
The iPhone 16 Pro on a grey background
iPhone 17 Pro tipped to get 8K video recording – but I want these 3 video features instead
More about security
Data leak

Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection

Third-party security issues could be the biggest threat facing your business
Buzz Lightyear Space Ranger Spin Rennovations

Disney’s giving a classic Buzz Lightyear ride a tech overhaul – here's everything you need to know
See more latest
Most Popular
Buzz Lightyear Space Ranger Spin Rennovations
Disney’s giving a classic Buzz Lightyear ride a tech overhaul – here's everything you need to know
Samsung Magician 8.3.0
Samsung reveals a new version of its popular SSD software, and yes, you should absolutely download it if you own a Samsung SSD
NVIDIA RTX PRO 6000 Blackwell Server Edition
Nvidia's most expensive Blackwell card gets massive price cut but it is not the RTX 5090
Opera AI Tabs
Opera's new AI feature brings order to your browser tab chaos
An AI face in profile against a digital background.
The race to trillion-parameter model training in AI is on, and this company thinks it can manage it for less than $100,000
Hisense U8 series TV on wall in living room
Hisense announces 2025 mini-LED TV lineup, with screen sizes up to 100 inches – and a surprising smart TV switch
Ninkear MBOX 8 Pro
This mini PC has a detachable docking station that hides a hard drive, and I am not convinced whether it's a good idea
Nintendo Music teaser art
Nintendo Music expands its library with songs from Kirby and the Forgotten Land and Tetris
The iPhone 16 Pro on a grey background
iPhone 17 Pro tipped to get 8K video recording – but I want these 3 video features instead
CoreWeave
Is CoreWeave another WeWork? Blogger who caused Nvidia market capitalization to drop by $600 billion in a day thinks so