Intel’s Critical Software Vulnerability Gets Fixed

Intel the chipmaker recently released a security patch to correct critical flaw within certain driver utility application which incase exploited could've let man-in-the-middle assault along with malware loading onto victims' PCs. Recognized as one desktop application, Intel's Driver Update Utility is capable of loading as also automating the procedure of driver update. When active and working, the utility scrutinizes the victimized user's computer, finding every Intel tool, examining for knowing whether the tools' drivers have a newer edition, followed with downloading, planting as also making the previous drivers up-to-date.

Knowledge of the above development to Intel came from Core Security, and Intel acknowledged the latter's assistance. Within one security advisory, it recommended all organizations and consumers to update before proceeding. The flaw could let a cyber-criminal execute one ARP poisoning assault against the victimized entity's network in combination with DNS spoofing while record the update queries, substituting downloaded driver with anything the criminal desired.

He could deliver malicious software rather than the actual drivers of Intel, while the Driver Update Utility could mechanically pull down the files as also mechanically get them to run, using the user's system-level rights. Softpedia posted this, January 20, 2016. After execution of the assault, the cyber-criminal would've to monitor clear-text created HTTP traffic to provide to update-servers of Intel, while get involved only then, delivering harmful software like an adware yielding small bucks, alternatively even harmful malware such as ransomware for holding victims at large monetary ransoms.

Joaquín Rodríguez Varela Researcher at Core Security reported the flaw via the Seclist Full Disclosure web-pages and stated the flaw intended for Intel's Driver Update Utility version 2.2.0.5. While Core didn't examine the remaining editions, Intel did to state versions 2.3, 2.2, 2.1 and 2.0 too were susceptible to the bug.

Intel strongly suggests all clients of the flawed software to acquire and deploy the latest revised edition. Intel joins Toshiba, Lenovo and Dell to complete the formation of Four Horsemen against bad support utility program even as the company expresses gratitude to Core Security which disclosed the problem as well as worked with Intel to fix a time-limit for disclosure.

» SPAMfighter News - 1/28/2016