Intel Driver Update Utility Patched

Intel Driver Update Utility Patched

intel tool patched

Intel’s software utility, designed to help users download drivers, has recently been patched to remove a serious flaw. This vulnerability may have allowed malicious code to be downloaded onto computers by the man-in-the-middle attackers.

Tool’s flaw exposed the system to attacks

intel tool flaw
Image credit: Christiaan Colen / Flickr

Intel Driver Update Utility can be easily downloaded at Intel’s support website. It provides a convenient way to find the latest drivers for various Intel chipsets, graphics cards, desktop boards, and other types of hardware.

The mentioned vulnerability occurred when the tool checked for driver updates thorough an unencrypted HTTP connection. Attackers could then intercept these connections and modify them, using the same local network or being in control of the router along the connection path.

In November, researchers from Core Security were the ones to discover the flaw and report it to Intel. The chip maker was quick to fix the problem and release an updated version of the tool.

The patched tool is now available

intel tool steps

For safety reasons, it is strongly recommended that users of the Intel Driver Update Utility download the latest version from the Intel support website.

Testing the patched tool, Core Security researchers discovered that rather than using HTTP, the utility checked for new drivers by downloading XML files from the Intel site. These files include the IDs of hardware components, the latest driver versions available, and the corresponding download URLs. This information is showed through the interface of the tool, and the user must confirm the installation of any updates that are available.

The tool checks that the download URLs point to the files hosted under Intel’s domain name. Core Security researchers insist that the problem still stands though, as man-in-the-middle attackers now can modify the XML files in transit and bypass the tool’s domain check with techniques like DNS spoofing or ARP poisoning.

This vulnerability is only the latest in the string of security flaws that occurred in support software distributed by hardware manufacturers.

[Featured image credit: Stephen Lawson]