Vulnerability Intel HD Graphics Windows Kernel Driver

Discussion in 'hardware' started by FanJ, Jul 12, 2016.

  1. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Cisco Talos blog - 11 July 2016
    http://blog.talosintel.com/2016/07/Intel-HD-Graphics-Vulnerability.html

     
  2. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    https://threatpost.com/intel-patches-local-eop-vulnerability-impacting-windows-7/119248/
     
  3. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Thanks Dermot7 !

    I noticed also a thread at the Dutch forum Security.nl, for the Dutch members among us.

    =====

    I am a little bit surprised that the topic didn't get more responce. Maybe I should have posted it at another sub-forum.

    =====

    The situation is not very clear to me.

    Is it true, as posted at that threatpost blog, that "NTVDM is only part of 32-bit Windows, it’s not part of any 64-bit version of Windows"?
    I see lots of ntvdm64.dll files on Win-7 64-bit. Am I misunderstanding things?

    =====

    More in general about this kind of Intel driver vulnerabilities:

    - How can you actually know whether your system is vulnerable to these kind of things? Where is the very detailed info from Intel (I mean: really very, very detailed info from Intel)?

    - For how long is Intel actually going to patch older systems? Three years, five years? Where does Intel give such info?

    - Who is going to patch it (if at all)? Is it Intel? Is it Microsoft by Windows update (if updating this kind of drivers via MS works at all; I have seen it not working)? Is it your motherboard manufactorer?
     
  4. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Local privilege escalation - don't give access of your system to strangers.
    Mrk
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Privilege escalation applies to Win 7 and earlier. On Win 8+, exploit would just cause a system crash.
     
  6. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    1,065
    Location:
    the Netherlands
    I am user Spiff that was posting in that Security.nl thread.

    I downloaded the vulnerable version 10.18.14.4264 tested by Talos.
    The Installation_Readme says: Intel Graphics Driver: 10.18.14.4264
    The Readme says: Driver Version: 15.36.24.64.4264
    Intel uses this binomial format: 15.36.24.64.4264 (10.18.14.4264) (I don't know why, but they do.)

    Intel's Security Center page Multiple Potential Vulnerabilities in the Intel Graphics Driver for Microsoft Windows mentions three series that are vulnerable and for which mitigated versions are available:
    the 15.33.xx.(xx.)xxxx, 15.36.xx.(xx.)xxxx and 15.40.xx.(xx.)xxxx series.

    What is unknown to me, that is whether other (older) Intel Graphics Driver series may also be vulnerable, or not.
    Nothing is mentioned about that.

    One of my systems is a notebook with an Intel Pentium P6200 [Dual Core, Mobile] [Arrendale] with integrated Intel HD Graphics.
    The latest compatible driver that Intel offers for the P6200, seems to be the 2/19/2013 driver version 15.22.58.64.2993 (8.15.10.2993).
    No idea whether that or any previous versions of that 15.22.xx.(xx.)xxxx series is vulnerable, but there is no recent version available anyhow.
    The same applies to other older Intel CPU's with integrated Intel HD Graphics, no recent versions available for those either.

    Yep. You're right, of course.
    Exploitation of the vulnerability is limited to local context, so I won't let it bother me. :)
     
  7. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
    Thanks for the replies.
    I was notified by Windows (Win 7 64-bit) about an important update for my Intel HD Graphics 4600, that seemed to have been released yesterday.
    Not for the first time such an installation failed. Whether the update is related to the above mentioned vulnerability, I don't know at the moment.
    Related post in the Software forum, thread Bork Tuesday, reply # 2531
     
Loading...