Malware, Network Security

Intel patches vulnerable driver update utility

Intel today issued a patch to fix a vulnerability associated with the Intel driver update utility MitM that could have been remotely exploited by a bad actor.

The vulnerability (CVE-2015-1493) was discovered by Core Security researchers in November who found that the driver, version 2.2.0.5, transmits sensitive or security critical data in a cleartext communication channel that could potentially be intercepted by an unauthorized person.

“The update request could be automatically detected by a third party on the same network and then the reply could be modified transparently, making the user download what is supposed to be a legitimate driver, but instead could be anything from malware to a remote access tool or whatever the malicious user wants,” Joaquin Rodriguez Varela, senior security researcher for Core Security told SCMagazine.com in a Tuesday email.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.