Slashdot Mirror

← Back to Stories (view on slashdot.org)

Serious Flaw Patched In Intel Driver Update Utility (csoonline.com)

Posted by samzenpus on from the problem-protein dept.

itwbennett writes: The flaw in a utility that helps users download the latest drivers for their Intel hardware components stems from the tool using unencrypted HTTP connections to check for driver updates. It was discovered by researchers from Core Security and was reported to Intel in November. The Core Security researchers found that the utility was checking for new driver versions by downloading XML files from Intel's website over HTTP. These files included the IDs of hardware components, the latest driver versions available for them and the corresponding download URLs. Intel Driver Update Utility users are strongly advised to download the latest version from Intel's support website.

1 of 34 comments (clear)

  1. Good thing no one buys security from Intel by xxxJonBoyxxx · · Score: 4, Funny

    >> Intel uses unencrypted HTTP connections to check for driver updates.

    What a bunch of dumbasses! It's a good thing no one buys security from Intel!

    >> http://www.intelsecurity.com/
    >> http://www.intel.com/content/w...

    (quits laughing, starts crying)