Vulnerability Management

Intel HD Graphics vulnerability enables arbitrary code execution in Windows 7 and earlier

A vulnerability in the Windows kernel driver that operates Intel's HD Graphics integrated graphics processor could allow a bad actor to either perform an arbitrary code execution or crash the affected device.

Designated as CVE-2016-5647 or TALOS-2016-0087, the flaw specifically resides in the driver's D3DKMTEscape function, which allows programs to communicate and exchange data with the display miniport driver. According to a blog post from Cisco's Talos research division, an attacker sending a maliciously crafted request to the Intel HD Graphics driver can trigger a null dereference within the kernel space. The bad actor can then seize control of the contents of the dereference, which sometimes contains values or pointers that lead to an arbitrary code execution in Windows 7 and earlier versions.

Windows 8 and later are not affected as severely, due to certain programming upgrades designed to mitigate against these kind of attacks. However, updating a machine's operating system is still not a perfect solution because the computer can still crash from the exploit, resulting in a denial of service.

Fortunately, Talos has noted that exploitation of the flaw is “limited to local context, such as a user executing a binary designed to exploit a system affected by TALOS-2016-0087.”

Even though the threat normally requires local access to be exploited, “It is possible that the user can be convinced into running that executable either by receiving the executable in an email message or downloading it from a website,” Earl Carter, security research engineer, Cisco Talos, noted in an email interview with “But the execution still needs to be initiated on the local system.”

Cisco initially notified Intel of the vulnerability in March 2016.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.