Architecture, Network security, Threats, Malware

Intel patches vulnerable driver update utility

January 19, 2016

Intel today issued a patch to fix a vulnerability associated with the Intel driver update utility MitM that could have been remotely exploited by a bad actor.

The vulnerability (CVE-2015-1493) was discovered by Core Security researchers in November who found that the driver, version, transmits sensitive or security critical data in a cleartext communication channel that could potentially be intercepted by an unauthorized person.

“The update request could be automatically detected by a third party on the same network and then the reply could be modified transparently, making the user download what is supposed to be a legitimate driver, but instead could be anything from malware to a remote access tool or whatever the malicious user wants,” Joaquin Rodriguez Varela, senior security researcher for Core Security told in a Tuesday email.

prestitial ad