Intel Driver Update Utility Allowed MITM

Intel released an update to Intel Driver Update Utility on 19th of January, fixing an MITM and information disclosure vulnerability discovered by Core Security.

The Intel Driver Update Utility helps users to manage drivers and ensure that they are up-to-date. The tool informs users if there are new drivers available and offers a service to download required files with ease.

As it has been discovered by cyber security researchers at Core Security

Intel Driver Update Utility is prone to a Man in The Middle attack which could result in integrity corruption of the transferred data, information leak and consequently code execution.

Once the application ends the search process, it shows the user the available drivers updates. After downloading the drivers the user clicks on the ‘Install’ button and the binaries are executed. The only verification founded was on the VerifyDownloadURL method of the DriverManager class. This is doing a domain verification, that can be easily bypassed if the attacker is performing an ARP poisoning attack combined with DNS spoofing

Technically when the utility is running it looks for driver information on the server, however the communication process does not use SSL connection, thus allowing cyber attackers to initiate Man-In-The-Middle (MITM) attacks. Thanks to MITM attackers may send malware, spy on communication, retrieve information and conduct other malicious activities.

Based on information from Intel, the vulnerability CVE-2016-1493 affects versions 2.0-2.3. The flaw is not fixed in version 2.4.

Leave a Reply