From PC World: A software utility that helps users download the latest drivers for their Intel hardware components contained a vulnerability that could have allowed man-in-the-middle attackers to execute malicious code on computers.
The tool, known as the Intel Driver Update Utility, can be downloaded from Intel's support website. It provides an easy way to find the latest drivers for various Intel chipsets, graphics cards, wireless cards, desktop boards, Intel NUC mini PCs or the Intel Compute Stick.
The vulnerability stems from the tool using unencrypted HTTP connections to check for driver updates. Such connections can be intercepted and modified by attackers located on the same local network as affected computers or in control of a router along their Internet connection paths.
The flaw was discovered by researchers from Core Security and was reported to Intel in November. The chip maker fixed the issue and released an updated version of the tool on Tuesday.
Intel Driver Update Utility users are strongly advised to download the latest version from Intel's support website.
View: Article @ Source Site
