Major security flaw found in Intel driver software

The flaw could have allowed an attacker to install malware on affected machines through a man-in-the-middle attack.
Written by Zack Whittaker, Contributor

Intel has fixed a major security vulnerability in a driver utility tool that could allow an attacker to remotely install malware.

The company has advised those who use the Intel Driver Update Utility to download an updated version of the software, which mitigates a vulnerability in how the software requests new drivers from Intel's servers.

In a security advisory, the chipmaker confirmed that versions 2.0 to 2.3 put PCs at risk because they check Intel's servers over an unencrypted connection. An attacker could conduct a man-in-the-middle attack on the affected software, which could trick the software into downloading malware or other malicious files.

An updated tool, version 2.4, now talks to Intel's server over a secure SSL connection.

Core Security, which privately notified Intel of the flaw in mid-November, said in its own advisory that exploiting the flaw would have been trivial because the tool's verification could be "easily bypassed."

The security firm also posted details of the flaw on the Full Disclosure mailing list.

It's not immediately clear how many users are affected by the flaw, however. An Intel spokesperson did not return a request for comment at the time of writing.

We'll update if we hear back.
