VIDEO: Vulnerability in Intel Utility Allows Malware Attacks
-
A serious flaw in the Intel Driver Update Utility allows for man-in-the-middle attackers to install malware on user devices. Meanwhile, a Linux kernel vulnerability has been patched. To hear more, just play the video!
Transcription
Hey everyone welcome back for another edition of IT Rewind. Today is our 64th episode, the same number as former Green Bay Packer, Jerry Kramer. On today’s episode we take a look at an Intel flaw that allowed for possible man in the middle attacks. You’ll hear about this story and more right now on IT Rewind!
An Intel software utility called the “Intel Driver Update Utility” was found to contain a serious flaw that could allow for man in the middle attackers to install malicious malware on user devices. The vulnerability stems from a failure to encrypt HTTP connections that are used to check for driver updates. The tool was designed to provide an easy way to find the latest drivers for chipsets, graphics cards, wireless cards, desktop boards, NUC mini PC’s or the Intel Compute Stick. Since the discovery of the flaw in November, the issue has been fixed and a new version of the tool was released on Tuesday. Those who use the Intel Driver Update Utility are advised to download the latest version immediately.
Another serious vulnerability has been patched, this time involving Linux. The patch is for a critical Linux kernel flaw that affects versions 3.8 and higher and extends to two-thirds of Android devices. The vulnerability exists in the keyring facility, which encrypts and stores login info, encryption keys and certificates. The vulnerability was discovered by a startup called Perception Point. Yevgeny Pats, CEP of Perception Point said, quote – “It’s pretty bad because a user with legitimate or lower privileges can gain root access and compromise the whole machine. With no auto update for the kernel, these versions could be vulnerable for a long time. Every Linux server needs to be patched as soon as the patch is out.” End quote.
Before we go we’d like to give a shout out to Kaeli O’Connell who was featured in this week’s Employee Spotlight. Kaeli is an Interactive Web Marketing Associate here are Continuum and was nominated for her ability to rapidly grow within her team. Do you have a recommendation for next week’s Employee Spotlight? If you know of an employee that has been going above and beyond lately, leave a comment below, or tweet @FollowContinuum using the #EmployeeSpotlight.
That’s all the time that we have for this week’s episode of IT Rewind, As always, read the full stories that we covered today and other tech stories by clicking on the links below.
Of course, you can always find us on Twitter, Instagram and Vine at FollowContinuum. We’re also on Facebook, LinkedIn, Spiceworks, YouTube and Periscope.
Take it easy.
-
Well that sucks. But honestly, with how bad Intel storage drivers are and how bad their HD graphics systems are, can we expect much else?
-
Looking in the details, this isn't much of a security issue (outside of untrusted networks). It requires DNS/ARP poisoning first. If you can do that you can break down a lot of mechanisms.
