Intel Fixes Driver Update Utility
Friday, January 22, 2016 @ 04:01 PM gHale
Intel mitigated a remotely exploitable vulnerability in the Intel Driver Update Utility which could end up leveraged in a man-in-the-middle attack to corrupt transferred data, which could lead to information leak and ultimately even code execution.
The Intel Driver Update Utility is a tool that analyzes the system drivers on the user’s computer.
The Utility reports if any new drivers for Intel components (integrated graphics controllers, audio devices, wireless products, Ethernet network add-in adapters, etc.) are available, and provides the option to automatically install them.
Versions 2.0 through 2.3 of the Utility suffer from the issue, and the update (v2.4 and later) mitigates the use of a non-SSL URL for the download, which allowed cleartext transmission of sensitive information (update information).
The flaw ended up discovered by the Core Security Research Team.