Intel Fixes Driver Update Utility

Friday, January 22, 2016 @ 04:01 PM gHale

Intel mitigated a remotely exploitable vulnerability in the Intel Driver Update Utility which could end up leveraged in a man-in-the-middle attack to corrupt transferred data, which could lead to information leak and ultimately even code execution.

The Intel Driver Update Utility is a tool that analyzes the system drivers on the user’s computer.

McAfee Application Control Flaws Found
Flaws Found in Security Providers’ Wares
Avast Patches AV Zero Day

The Utility reports if any new drivers for Intel components (integrated graphics controllers, audio devices, wireless products, Ethernet network add-in adapters, etc.) are available, and provides the option to automatically install them.

Versions 2.0 through 2.3 of the Utility suffer from the issue, and the update (v2.4 and later) mitigates the use of a non-SSL URL for the download, which allowed cleartext transmission of sensitive information (update information).

The flaw ended up discovered by the Core Security Research Team.

Click here for more technical details.