Posted on 01/20/2016 7:33:51 PM PST by Utilizer
Intel has patched a major flaw in its driver utility tool that could allow attackers to install malware on victim PCs remotely.
The chipmaker has issued a patch advisory for its Driver Update Utility, urging customers to download the new version of the software.
The tool analyses system drivers on a user's computer and reports on and downloads any new drivers that are available.
The flaw - which exists because the software requests new drivers from Intel servers over an unencrypted connection - allows attackers to instigate man-in-the-middle attacks and cause the download of malicious files and software on victim PCs.
Proof of concept exploits of the vulnerability have already been posted online.
(Excerpt) Read more at itnews.com.au ...
Specifically win ver 7/8/8.1 64-bit.
No word yet if it has or will have an effect on win10.
Ping.
From Intel’s site:
The Intel Driver Update Utility supports 32-bit and 64-bit versions of Microsoft Windows Vista*, Windows 7*, Windows 8* and Windows 8.1*, and Windows 10.
If you’re operating system is not supported, visit Intel Download Center to look for available drivers.
https://www-ssl.intel.com/content/www/us/en/support/topics/iduu-faqs.html
Thanks for posting
No worries, mate. :) Hope it helps.
If this is usually in Program Files, I had to delete it today.
Malwarebytes found a Trojan.Vonteera and AdwCleaner said Driver Update Utility had to go.
Do I need to install the newer version or just leave it out?
Thanks to Utilizer for the ping!!
Is this something that will come through automatic updating or do we have to go to Intel for this?
This is one of those “helpful” utilities that periodically compares the manufacturer-specific drivers that are currently installed on your system and compares them with their inventory. It then tells you if there is a new one available. I find them annoying and usually do not install them.
The risk you take is if they come out with a major revision to something like the BIOS (Basic Input/Output System) - the internal utility that tells the operating system where all the hardware resides.
Bottom line - you can live without it.
It’s Intel not Microsoft so you’ll need to go to Intel for the updated utility.
If you build your own systems, this isn’t an issue, as most home builders don’t use the “driver update utility.” If, however, you have an OEM system from Dell, HP, Lenovo, etc. you might want to look for an update. This is a particularly nasty vulnerability. We exploited it in our lab with little more than a code change.
Whew! This XP user dodges the bullet again.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.