This week, Intel released a major security patch for a driver utility tool that could leave users vulnerable.
In a security advisory released on Tuesday, Intel said that the update fixes a vulnerability that could allow hackers to remotely install malware. "This update to the Intel Driver Update Utility mitigates the use of a non-SSL URL. Intel has released a new version of the software that provides mitigation of this issue," the company said in a statement. "The Intel Driver Update Utility analyses Intel product drivers on your computer and lets you know if driver updates are available. The utility can be used to download and install selected driver updates on your computer. This update helps mitigate the use of a non-SSL URL."
The bug was discovered by Core Security researcher Joaquín Rodríguez Varela and disclosed on the Seclist Full Disclosure page. "Intel Driver Update Utility is prone to a man-in-the-middle attack which could result in integrity corruption of the transferred data, information leak and consequently code execution," said Varela on the vulnerability. Core Security first notified Intel of this bug back in November, but only tested Intel Driver Update version 220.127.116.11 for the bug. Intel discovered the flaw affected more versions of its software, but thanked Core Security for reporting the issue and agreeing to work with Intel’s disclosure timeline in this week’s security bulletin. Customers using Intel Driver Update Utility versions 2.0, 2.1, 2.2, and 2.3 are urged to download and apply the updated version of the software at this time.
Photo: © iStock.