20 vulnerabilities have been fixed in the Intel Graphics Driver for Windows.
The flaws could lead to a range of attacks such as escalation of privilege, denial of service and information disclosure. Local access to the system is required for an attack to take place.
Multiple potential security vulnerabilities in Intel Graphics Driver for Windows
According to Intel’s summary of the vulnerabilities, multiple potential security vulnerabilities in Intel Graphics Driver for Windows may allow escalation of privileges, denial of service or information disclosure.
Of the vulnerabilities, CVE-2018-12214 and CVE-2018-12216 are rated high in impact, with the rest having a medium or low rating.
CVE-2018-12214 is associated with potential memory corruption in Kernel Mode Driver in Intel Graphics Driver for Windows prior to versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063), 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373, as per the advisory.
CVE-2018-12216 is associated with insufficient input validation in Kernel Mode Driver in Intel Graphics Driver for Windows before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063), 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373. The vulnerability potentially enables a privileged user to execute arbitrary code via local access.
The other 18 vulnerabilities were low and medium in impact, and could be exploited locally in simple attacks with no user interaction. The only two flaws needing user interaction are CVE-2018-18090 and CVE-2018-18091, which could lead to denial-of-service attacks.
What products are affected?
Versions of Intel Graphics Driver for Windows before 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063), 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 are affected by the 20 security flaws, so patching is required as soon as possible.
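To triage a fleet against the fixed versions listed above, the following added example (not code from Intel or from the advisory) classifies driver version strings from an inventory. It assumes the first two fields of the version identify the branch and the last field is the build number; the inventory, hostnames and sample versions are constructed.

```python
import re

# Lowest fixed build per branch (first two version fields), from the advisory
# text above. 10.18 has two thresholds (15.33 -> 5059, 15.36 -> 5057); the page
# does not say how the "x" field separates them, so builds in between are
# reported as ambiguous. That handling is an assumption of this example.
FIXED_BUILDS = {
    (10, 18): (5057, 5059),
    (20, 19): (5063,),
    (21, 20): (5064,),
    (24, 20): (6373,),
}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def classify(version: str) -> str:
    """Return 'vulnerable', 'fixed', 'ambiguous', 'unlisted' or 'invalid'."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "invalid"
    major, minor, _x, build = (int(g) for g in m.groups())
    thresholds = FIXED_BUILDS.get((major, minor))
    if thresholds is None:
        return "unlisted"  # branch not named on the page: consult the advisory
    if build < min(thresholds):
        return "vulnerable"
    if build >= max(thresholds):
        return "fixed"
    return "ambiguous"  # between the two 10.18 thresholds: review manually


def triage(inventory: dict) -> dict:
    """Group hostnames by the classification of their reported driver version."""
    report = {}
    for host, version in sorted(inventory.items()):
        report.setdefault(classify(version), []).append(host)
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "ws-01": "10.18.10.4885", "ws-02": "10.18.14.5057",
    "ws-03": "20.19.15.5063", "ws-04": "24.20.100.6286",
    "ws-05": "25.20.100.6444", "ws-06": "n/a",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:10s} {', '.join(hosts)}")
```

Hosts reported as ambiguous or unlisted need a manual check against Intel's advisory rather than being treated as patched.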
Intel follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are deployed, the advisory said.
Individuals who have information about a security issue or vulnerability with an Intel-branded product or technology are urged to send an e-mail to secure@intel.com.