Serious flaw patched in Intel Driver Update Utility
A software utility that helps users download the latest drivers for their Intel hardware components contained a vulnerability that could have allowed man-in-the-middle attackers to execute malicious code on computers.
The tool, known as the Intel Driver Update Utility, can be downloaded from Intel’s support website. It provides an easy way to find the latest drivers for various Intel chipsets, graphics cards, wireless cards, desktop boards, Intel NUC mini PCs or the Intel Compute Stick.
The vulnerability stems from the tool using unencrypted HTTP connections to check for driver updates. Such connections can be intercepted and modified by attackers located on the same local network as affected computers or in control of a router along their Internet connection paths.