Intel is warning Windows 10 users that old graphics drivers are riddled with security flaws that need to be updated with new updates that the company has released over the past year.
The chip maker has disclosed what it says are high-severity flaws afflicting the graphics driver for Windows, which “may allow escalation of privileges, denial of service or information disclosure”.
“Intel is releasing Intel Graphics Driver for Windows updates to mitigate these potential vulnerabilities,” Intel said.
The update is available from Intel’s page for downloading graphics drivers.
Intel employees found eight of the 19 security flaws fixed in the updated Windows drivers. One was reported by a security researcher who goes by the name @j00sean on Twitter, while the remainder were reported by an external Intel partner.
To avoid now publicly disclosed Intel-driver security risks, Windows 10 users should be seeking Intel Graphics Driver for Windows 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 18.104.22.16873.
All 19 flaws were tagged with CVE dates in 2018. However, fortunately they all require an attacker to have local access to a machine to exploit them. Some of the updated drivers have been available for download for several months.
Intel has also disclosed a high-severity flaw in the Intel Matrix Storage Manager, but rather than patching it, the company is telling users to uninstall the product and stop using it.
“Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation notice for Intel Matrix Storage Manager,” Intel notes in its advisory.
SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)
Intel explains that “improper permissions in Intel Matrix Storage Manager 22.214.171.1243 and before may allow an authenticated user to potentially enable escalation of privilege via local access”.
The company is also warning customers to stop using the Intel USB 3.0 Creator Utility because “all versions may allow an authenticated user to potentially enable escalation of privilege via local access”.
A product that Intel is updating is the Software Guard Extensions (SGX) software developer kit (SDK), which has a bug that could allow denial of service or information disclosure.
The bug, CVE-2019-0122, is a double free memory flaw in the SGX SDK for Linux before version 2.2 and the SGX SDK for Windows before version 2.1. The bug allows an “authenticated user to potentially enable information disclosure or denial of service via local access”.
Intel recommends that Linux developers update to SGX SDK version 2.2 or later, while developers using Windows should update to Windows SDK version 2.1 or later.
Previous and related coverage
Microsoft: Windows 10 can now automatically uninstall buggy updates
Along with blocks on releasing Windows 10 to certain users, Microsoft will now remove updates that aren’t compatible with the installed version of Windows 10.
All Intel chips open to new Spoiler non-Spectre attack: Don’t expect a quick fix
Researchers say Intel won’t be able to use a software mitigation to fully address the problem Spoiler exploits.
Windows 10 graphics: Intel unveils new ‘modern’ drivers for 1809 and beyond
Intel is rolling out Universal Windows Drivers that are required for Windows 10 1809.
New Windows 10 1809 block: Microsoft halts update if you use flawed Intel drivers
Microsoft puts another block on the Windows 10 1809 rollout and says it’s all part of its “controlled approach”.
Windows 10 BSOD problems: Microsoft offers up driver fix for HP crashes
Blue screen of death crashes fixed by removing HP keyboard driver with known compatibility issues.
Windows 10 audio problems? Intel issued buggy driver but we fixed it, says Microsoft
Intel accidentally pushed an incompatible audio driver to Windows 10 devices through Windows Update.
Windows 10 October update problems: Wiped docs, plus Intel driver warning
Back up files before upgrading to Windows 10 1809, and if you get a warning about Intel drivers, do not proceed.
DRAM chip prices plummet due to Intel CPU shortage, prompting retail sales TechRepublic
PC OEMs are building less computers due to a shortage of Intel CPUs, sending the DRAM market into freefall.
US tells Germany to drop Huawei or it’ll limit intel sharing, report says CNET
The Trump administration wants its European ally to cut the Chinese telecom out of its 5G rollout.
Credit: Source link