Cisco Talos blog - 11 July 2016 http://blog.talosintel.com/2016/07/Intel-HD-Graphics-Vulnerability.html
Thanks Dermot7 ! I noticed also a thread at the Dutch forum Security.nl, for the Dutch members among us. ===== I am a little bit surprised that the topic didn't get more responce. Maybe I should have posted it at another sub-forum. ===== The situation is not very clear to me. Is it true, as posted at that threatpost blog, that "NTVDM is only part of 32-bit Windows, it’s not part of any 64-bit version of Windows"? I see lots of ntvdm64.dll files on Win-7 64-bit. Am I misunderstanding things? ===== More in general about this kind of Intel driver vulnerabilities: - How can you actually know whether your system is vulnerable to these kind of things? Where is the very detailed info from Intel (I mean: really very, very detailed info from Intel)? - For how long is Intel actually going to patch older systems? Three years, five years? Where does Intel give such info? - Who is going to patch it (if at all)? Is it Intel? Is it Microsoft by Windows update (if updating this kind of drivers via MS works at all; I have seen it not working)? Is it your motherboard manufactorer?
Privilege escalation applies to Win 7 and earlier. On Win 8+, exploit would just cause a system crash.
I am user Spiff that was posting in that Security.nl thread. I downloaded the vulnerable version 10.18.14.4264 tested by Talos. The Installation_Readme says: Intel Graphics Driver: 10.18.14.4264 The Readme says: Driver Version: 15.36.24.64.4264 Intel uses this binomial format: 15.36.24.64.4264 (10.18.14.4264) (I don't know why, but they do.) Intel's Security Center page Multiple Potential Vulnerabilities in the Intel Graphics Driver for Microsoft Windows mentions three series that are vulnerable and for which mitigated versions are available: the 15.33.xx.(xx.)xxxx, 15.36.xx.(xx.)xxxx and 15.40.xx.(xx.)xxxx series. What is unknown to me, that is whether other (older) Intel Graphics Driver series may also be vulnerable, or not. Nothing is mentioned about that. One of my systems is a notebook with an Intel Pentium P6200 [Dual Core, Mobile] [Arrendale] with integrated Intel HD Graphics. The latest compatible driver that Intel offers for the P6200, seems to be the 2/19/2013 driver version 15.22.58.64.2993 (8.15.10.2993). No idea whether that or any previous versions of that 15.22.xx.(xx.)xxxx series is vulnerable, but there is no recent version available anyhow. The same applies to other older Intel CPU's with integrated Intel HD Graphics, no recent versions available for those either. Yep. You're right, of course. Exploitation of the vulnerability is limited to local context, so I won't let it bother me.
Thanks for the replies. I was notified by Windows (Win 7 64-bit) about an important update for my Intel HD Graphics 4600, that seemed to have been released yesterday. Not for the first time such an installation failed. Whether the update is related to the above mentioned vulnerability, I don't know at the moment. Related post in the Software forum, thread Bork Tuesday, reply # 2531