Intel Patches Security Flaw in Windows 10 Graphics Driver

Lately, Intel has released multiple updates for its Windows 10 graphics driver to patch severe security flaws. These security errors lead to denial of service, information exposure, increase to privilege if exploited by threat actors with local access to the system under attack.

After fixing these flaws Intel said, “Intel is releasing Intel Graphics Driver for Windows updates to mitigate these potential vulnerabilities.”

Users can download update from Intel’s page.

How Intel Identified these flaws?

A total of 19 errors were detected in Intel’s Graphics driver. Out of which one was reported by a security researcher and the remaining ones were reported by an external Intel partner. Two detected security flaws CVE-2018-12214 and CVE-2018-12213 are rated as high risk with CVSS Base Score of 7.3 and 8.2. Both can lead to escalation of privileges for local user. While others are rated as low or medium risk by the company.

CVE-2019-0122 bug is a double free memory flaw in SDK and SGX for Linux version earlier to 2.2 and for Windows version earlier to 2.1. This bug allows valid user to possibly enable information revelation or DoS through local access.

Has Intel Fixed all the Flaws?

According to reports, Intel employees found eight of the 19 security errors fixed in updated Windows driver.  Plus, Intel asks Linux developers using version 2.2 to update SGX and SDK and Windows developers using 2.1 or later to update SGX and SDK.

What to do to Avoid being a Victim?

To avoid being a target, Windows 10 users should update Intel’s graphics driver. All the 19 security errors are tagged with CVE dates in 2018. But the good news is, to exploit these flaws threat actors need to have local access of the machine. Updates for some of the drivers were already rolled out by Intel several months back.

As detailed in the advisory, “Intel recommends that users of Intel Graphics Driver for Windows update to versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 or later.”

Moreover, Intel is updating Software Guard Extensions (SGX) software developer kit (SDK) that has a bug that can permit denial of service. 

Also Read : Ways To Secure and Manage Windows 10

Do we need to Worry about anything else?’

Apart from the Graphics Driver flaw Intel has disclosed a high severity flaw in the Intel Matrix Storage Manager. However, Intel has not released any update for it. Instead the company is asking users to uninstall and stop using the product.

What is Intel’s Matrix Storage Manager flaw?

Intel describes that inappropriate authorization in Intel Matrix Storage Manager 8.9.0.1023 and earlier might let a valid user to possibly permit escalation of privilege via local access.

With regards to this, Intel is asking users to stop using Intel USB 3.0 Creator Utility, as this too can permit a valid user to possibly allow escalation of privilege through local access.