Intel fixed 20 security vulnerabilities in the Intel Graphics Driver for Windows which would lead to escalation of privilege, denial of service, or information disclosure if exploited by attackers with local access to the system under attack.

According to the QSR advisory published 2 days ago, Intel issued multiple updates for its graphics driver for Windows designed to mitigate the vulnerabilities found by internal and external security researchers.

Out of the 20 vulnerabilities found in the Intel Graphics Driver for Windows, two were rated as high risk with CVSS Base Scores of 7.3 and 8.2, allowing local attackers to execute arbitrary code after escalating their privileges.

Attackers require local access to exploit Intel Graphics Driver flaws

To be more exact, the security issues tracked as CVE-2018-12214 and CVE-2018-12216 could lead to an escalation of privileges for local users following a potential memory corruption in Kernel Mode Driver and insufficient input validation in Kernel Mode Driver, respectively.

The remaining 18 vulnerabilities patched by Intel were rated as low and medium risk, all of them exploitable via local attack vectors with low attack complexity and no user interaction needed. The only ones that would require user interaction are CVE-2018-18090 and CVE-2018-18091, which would trigger a DoS state.

As detailed in the advisory, "Intel recommends that users of Intel Graphics Driver for Windows update to versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 or later."

Affected Products:

Intel Graphics Driver for Windows before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373.

All the Intel Graphics Driver for Windows security updates are available for download from Intel's Drivers & Software Download Center.
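As an added example (not taken from Intel's advisory or from the original article), the fixed versions quoted above can be turned into a triage check over four-field driver version strings collected from an inventory. Assumptions: the fourth field is the build number compared within a branch, the third field is the advisory's wildcard "x", and the function names, status labels and sample inventory are constructed for illustration.

```python
# Added example; host names and version strings below are constructed.
# Fixed builds keyed by the first two fields. The advisory writes the third
# field as "x", so within a branch only the build (fourth field) is compared.
FIXED_BUILDS = {
    (10, 18): (5057, 5059),  # 15.36 -> 5057 and 15.33 -> 5059 share a prefix
    (20, 19): (5063, 5063),
    (21, 20): (5064, 5064),
}
FIXED_FULL = (24, 20, 100, 6373)  # newest branch is given as a full version


def classify(version):
    """Return 'patched', 'vulnerable', 'ambiguous', 'unlisted' or 'invalid'."""
    try:
        fields = tuple(int(part) for part in version.strip().split("."))
    except ValueError:
        return "invalid"
    if len(fields) != 4 or min(fields) < 0:
        return "invalid"
    if fields >= FIXED_FULL:          # "24.20.100.6373 or later"
        return "patched"
    if fields[:2] == FIXED_FULL[:2]:  # same branch, older build
        return "vulnerable"
    builds = FIXED_BUILDS.get(fields[:2])
    if builds is None:                # branch not named in the advisory
        return "unlisted"
    lowest_fix, highest_fix = builds
    if fields[3] >= highest_fix:
        return "patched"
    if fields[3] < lowest_fix:
        return "vulnerable"
    # 10.18.x.5057/5058: fixed for 15.36 but not 15.33, so check by hand.
    return "ambiguous"


def triage(inventory):
    """Group host names by the classification of their driver version."""
    groups = {}
    for host, version in sorted(inventory.items()):
        groups.setdefault(classify(version), []).append(host)
    return groups


SAMPLE_INVENTORY = {  # constructed sample data
    "ws-01": "24.20.100.6286", "ws-02": "24.20.100.6373",
    "ws-03": "10.18.14.5057", "ws-04": "21.20.16.4982",
}
if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Hosts reported as "ambiguous" or "unlisted" need a manual check against the advisory, because the version string alone does not identify which listed branch applies.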

Intel also disclosed two high-risk vulnerabilities (CVE-2019-0135 and CVE-2019-0121) in its Intel Matrix Storage Manager and Intel Accelerated Storage Manager in RSTe software that could allow escalation of privilege.

In addition, two other software flaws of medium severity (CVE-2019-0122 and CVE-2019-0129) were found to impact the Intel Software Guard Extensions (SGX) SDK and the Intel USB 3.0 Creator Utility, possibly leading to denial of service, information disclosure, and escalation of privilege, respectively.