Intel is warning Windows 10 users that old graphics drivers are riddled with security flaws and should be replaced with the updated drivers the company has released over the past year.
The chip maker has disclosed what it says are high-severity flaws afflicting the graphics driver for Windows, which "may allow escalation of privileges, denial of service or information disclosure".
"Intel is releasing Intel Graphics Driver for Windows updates to mitigate these potential vulnerabilities," Intel said.
The update is available from Intel's page for downloading graphics drivers.
Intel employees found eight of the 19 security flaws fixed in the updated Windows drivers. One was reported by a security researcher who goes by the name @j00sean on Twitter, while the remainder were reported by an external Intel partner.
To avoid the now publicly disclosed Intel driver security risks, Windows 10 users should look for Intel Graphics Driver for Windows 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063), 21.20.x.5064 (aka 15.45.x.5064) and 184.108.40.20673.
All 19 flaws were assigned CVE identifiers dated 2018. Fortunately, they all require an attacker to have local access to a machine to exploit them. Some of the updated drivers have been available for download for several months.
Intel has also disclosed a high-severity flaw in the Intel Matrix Storage Manager, but rather than patching it, the company is telling users to uninstall the product and stop using it.
"Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation notice for Intel Matrix Storage Manager," Intel notes in its advisory.
Intel explains that "improper permissions in Intel Matrix Storage Manager 220.127.116.113 and before may allow an authenticated user to potentially enable escalation of privilege via local access".
The company is also warning customers to stop using the Intel USB 3.0 Creator Utility because "all versions may allow an authenticated user to potentially enable escalation of privilege via local access".
A product that Intel is updating is the Software Guard Extensions (SGX) software developer kit (SDK), which has a bug that could allow denial of service or information disclosure.
The bug, CVE-2019-0122, is a double free memory flaw in the SGX SDK for Linux before version 2.2 and the SGX SDK for Windows before version 2.1. The bug allows an "authenticated user to potentially enable information disclosure or denial of service via local access".
Intel recommends that Linux developers update to SGX SDK version 2.2 or later, while developers using Windows should update to the SGX SDK for Windows version 2.1 or later.