Security researchers working for Cisco Talos have found a vulnerability the Intel HD Graphics driver that in the worst case allows arbitrary code execution by a local attacker. The worst case scenario is for users on Windows 7 and older, on Windows 8 and newer an attacker can crash the system when exploiting the vulnerability.
"This vulnerability exists in the communication functionality of the driver and can be exploited if a specially crafted message is sent to the driver, resulting in a denial of service or arbitrary code execution", the Cisco researchers write in their security advisory.
Arbitrary code execution means that the attacker is able to execute any command he wants on the target machine.
In this case only a local user can exploit the vulnerability, this could be an actual user but also malware running on the computer.
The vulnerability exists in the drivers with version numbers 15.33.42.4358 or 15.36.30.4385 or 15.40.4404 and prior versions. Cisco reported the issue to Intel in March and the chip giant also posted a security advisory on its website stating the issue has been resolved. Users are advised to upgrade their drivers as soon as possible.
