Serious Flaw Patched In Intel Driver Update Utility

itwbennett writes: The flaw in a utility that helps users download the latest drivers for their Intel hardware components stems from the tool using unencrypted HTTP connections to check for driver updates. It was discovered by researchers from Core Security and was reported to Intel in November. The Core Security researchers found that the utility was checking for new driver versions by downloading XML files from Intel's website over HTTP. These files included the IDs of hardware components, the latest driver versions available for them and the corresponding download URLs. Intel Driver Update Utility users are strongly advised to download the latest version from Intel's support website.

Re:This is "Serious"?

[The-Ixian]

More like someone could easily MITM an unencrypted HTTP stream and redirect the user to a different download.... then, when the person executes the malicious payload.... bam! cryptowall!