The AchieVer
Posted March 13, 2019

Windows 10 graphics: Intel warns, patch 19 severe driver flaws now

Update Intel Windows graphics drivers, and stop using Intel Matrix Storage Manager and USB 3.0 Creator Utility.

Intel is warning Windows 10 users that old graphics drivers are riddled with security flaws that need to be updated with new updates that the company has released over the past year.

The chip maker has disclosed what it says are high-severity flaws afflicting the graphics driver for Windows, which "may allow escalation of privileges, denial of service or information disclosure".

"Intel is releasing Intel Graphics Driver for Windows updates to mitigate these potential vulnerabilities," Intel said. The update is available from Intel's page for downloading graphics drivers.

Intel employees found eight of the 19 security flaws fixed in the updated Windows drivers. One was reported by a security researcher who goes by the name @j00sean on Twitter, while the remainder were reported by an external Intel partner.

To avoid now publicly disclosed Intel-driver security risks, Windows 10 users should be seeking Intel Graphics Driver for Windows 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063), 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373.

All 19 flaws were tagged with CVE dates in 2018. However, fortunately they all require an attacker to have local access to a machine to exploit them. Some of the updated drivers have been available for download for several months.

Intel has also disclosed a high-severity flaw in the Intel Matrix Storage Manager, but rather than patching it, the company is telling users to uninstall the product and stop using it.

"Intel is not releasing updates to mitigate this potential vulnerability and has issued a Product Discontinuation notice for Intel Matrix Storage Manager," Intel notes in its advisory.

Intel explains that "improper permissions in Intel Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access".

The company is also warning customers to stop using the Intel USB 3.0 Creator Utility because "all versions may allow an authenticated user to potentially enable escalation of privilege via local access".

A product that Intel is updating is the Software Guard Extensions (SGX) software developer kit (SDK), which has a bug that could allow denial of service or information disclosure.

The bug, CVE-2019-0122, is a double free memory flaw in the SGX SDK for Linux before version 2.2 and the SGX SDK for Windows before version 2.1. The bug allows an "authenticated user to potentially enable information disclosure or denial of service via local access".

Intel recommends that Linux developers update to SGX SDK version 2.2 or later, while developers using Windows should update to Windows SDK version 2.1 or later.

Source