Defender warns about issues in the OpenSSL libraries libcrypto-3-x64.dll and libssl-3-x64.dll included in the Intel driver. These include, but are not limited to:
- iclsclient.inf_amd64_76523213b78d9046 1.63.1155.1
- iclsclient.inf_amd64_4911ed214bf8cf23 1.67.548.0
- iclsclient.inf_amd64_9783a0a827c7c2a2 1.69.11.0
- iclsclient.inf_amd64_4e9e8c349f3a1aca 1.70.101.0
- iclsclient.inf_amd64_fc84dfa25a6a7727 1.71.99.0
- iclsclient.inf_amd64_b4ad878dc01a7e41 1.72.189.0
- iclsclient.inf_amd64_c25dbc60ad3b371a 1.74.210.0
The current latest version is not vulnerable at this time:
- iclsclient.inf_amd64_bc9b92a50d527061 1.75.121.0
There are 2 types of iCLS devices that this driver is used for:
- SWC\PROVIDER_INTEL_COMPONENT_ICLSCLIENT
- SWC\PROVIDER_INTEL_COMPONENT_ICLSCLIENT_ES_ONLY

The latter of these is not supported by 1.75.121.0.
This is solved by upgrading the parent device, that is, the ME driver itself, so that the matching heci.inf_amd64_cecc6f95c636ec48 does not require any iclsclient.inf at all.

You will need to grab the relevant heci and iclsclient drivers and put them next to the below script, if you are using it as is. Also note the use of /deviceid, which is Win11 only.

Oh, and the full driver pack for this from Intel is .... 1.3GiB (what you end up grabbing from this is around 60MiB).

I take no responsibility for the below. This works for me and clients I manage; it might not work for you. Clients might restart, crash, or not boot (probably not, but still, not my fault).
```powershell
# Only act on machines that still have the 1.74.210.0 package staged in the driver store.
if (Test-Path "c:\windows\system32\driverstore\filerepository\iclsclient.inf_amd64_c25dbc60ad3b371a") {
    $iclsdrvs = Get-WindowsDriver -Online | Where-Object { $_.OriginalFileName -like "*iclsclient.inf" }
    Write-Host "Cleaning driver heci and iclsclient.inf_amd64_c25dbc60ad3b371a, after installing new $($iclsdrvs.Version) $($iclsdrvs.OriginalFileName)"

    # Update the parent ME (heci) driver first, from the folder next to this script.
    $hecidrvs = Get-WindowsDriver -Online | Where-Object { $_.OriginalFileName -like "*heci.inf" }
    Write-Host "Update heci (MEI) driver $($hecidrvs.Version) $($hecidrvs.OriginalFileName)"
    $hecidrvinf = [System.IO.Path]::Combine($PSScriptRoot, "heci.inf_amd64_cecc6f95c636ec48", "heci.inf")
    pnputil /add-driver $hecidrvinf /install
    $hecidrvs = Get-WindowsDriver -Online | Where-Object { $_.OriginalFileName -like "*heci.inf" }
    Write-Host "Updated heci driver $($hecidrvs.Version) $($hecidrvs.OriginalFileName)"

    # /deviceid is Win11 only. A regular ICLSCLIENT device is present: install 1.75 and remove the rest.
    if ((pnputil /enum-devices /deviceid SWC\PROVIDER_INTEL_COMPONENT_ICLSCLIENT) -like "*SWD\DRIVERENUM\OEM_ICLS_component*") {
        $iclsdrvdir = [System.IO.Path]::Combine($PSScriptRoot, "iclsclient.inf_amd64_bc9b92a50d527061_1.75.121.0", "iclsClient.inf")
        pnputil /add-driver $iclsdrvdir /install
        Write-Host "Cleaning non 1.75 driver"
        # $_.Driver is the published name (oemNN.inf); -d is pnputil's legacy delete-driver switch.
        Get-WindowsDriver -Online | Where-Object { $_.OriginalFileName -like "*iclsclient.inf" -and $_.Version -ne "1.75.121.0" } | ForEach-Object { pnputil -d $_.Driver }
        pnputil /enum-devices /deviceid SWC\PROVIDER_INTEL_COMPONENT_ICLSCLIENT /drivers
    }
    else {
        # ES_ONLY device: not supported by 1.75.121.0, so dump its state before touching it.
        Write-Host "Dump sw components and PROVIDER_INTEL_COMPONENT_ICLSCLIENT_ES_ONLY"
        (pnputil /enum-devices /class SoftwareComponent /deviceids) -like "*ICLS*"
        pnputil /enum-devices /deviceid SWC\PROVIDER_INTEL_COMPONENT_ICLSCLIENT_ES_ONLY /drivers
        # After the heci update the ES_ONLY device should be disconnected; remove it and every iclsclient package.
        if ((pnputil /enum-devices /deviceid SWC\PROVIDER_INTEL_COMPONENT_ICLSCLIENT_ES_ONLY) -like "*Disconnected*") {
            Write-Host "Cleaning driver since ICLSCLIENT_ES_ONLY Disconnected"
            pnputil /remove-device /deviceid SWC\PROVIDER_INTEL_COMPONENT_ICLSCLIENT_ES_ONLY
            Get-WindowsDriver -Online | Where-Object { $_.OriginalFileName -like "*iclsclient.inf" } | ForEach-Object { pnputil -d $_.Driver }
            Write-Host "Cleaning done?"
            (pnputil /enum-devices /class SoftwareComponent /deviceids) -like "*ICLS*"
            pnputil /enum-devices /deviceid SWC\PROVIDER_INTEL_COMPONENT_ICLSCLIENT_ES_ONLY /drivers
        }
    }

    # Report what is left staged after the update and cleanup.
    $iclsdrvs = Get-WindowsDriver -Online | Where-Object { $_.OriginalFileName -like "*iclsclient.inf" }
    Write-Host "iclsclient.inf driver end $($iclsdrvs.Version) $($iclsdrvs.OriginalFileName)"
}
```
- CVE-2024-6119
- CVE-2024-5535
- CVE-2024-4741
- CVE-2024-4603
- CVE-2024-2511
- https://community.intel.com/t5/Processors/OpenSSL-vulnerability-in-icls-driver-version-1-71-99-0/td-p/1597144
- https://catalog.update.microsoft.com/Search.aspx?q=Intel(R)%20iCLS%20Client%20-%202024
- https://www.reddit.com/r/WindowsHelp/comments/1gzp6id/how_to_manually_update_intelr_icls_client_driver/
- https://www.reddit.com/r/WindowsHelp/comments/1gzp6id/comment/mdzxmll
Today iclsclient.inf_amd64_bc9b92a50d527061 was announced vulnerable: CVE-2024-13176 (+1), OpenSSL 3.0.15.0.
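To check what a cleanup left behind, the following added example (not part of the original script) lists every iclsclient.inf_amd64_* package still staged in the driver store together with the file version of the libcrypto-3-x64.dll and libssl-3-x64.dll it bundles. The function name Get-IclsOpenSslInventory is hypothetical, and the location of the DLLs below each package directory is an assumption; the script is read-only and needs an elevated prompt for Get-WindowsDriver.

```powershell
# Added example: read-only inventory, run from an elevated PowerShell prompt.
# Get-IclsOpenSslInventory is a hypothetical name, not part of the original script.
function Get-IclsOpenSslInventory {
    [CmdletBinding()]
    param(
        [string]$Repository = (Join-Path $env:windir 'System32\DriverStore\FileRepository'),
        [string[]]$DllName  = @('libcrypto-3-x64.dll', 'libssl-3-x64.dll')
    )

    # Index staged iCLS packages by directory name so each folder can be tied
    # to its published name (oemNN.inf) and driver version.
    $staged = @{}
    Get-WindowsDriver -Online |
        Where-Object { $_.OriginalFileName -like '*\iclsclient.inf' } |
        ForEach-Object {
            $dir = Split-Path (Split-Path $_.OriginalFileName -Parent) -Leaf
            $staged[$dir] = $_
        }

    foreach ($pkg in Get-ChildItem -Path $Repository -Directory -Filter 'iclsclient.inf_amd64_*') {
        $drv  = $staged[$pkg.Name]
        # Assumption: the OpenSSL DLLs live somewhere below the package directory.
        $dlls = @(Get-ChildItem -Path $pkg.FullName -Recurse -File -Include $DllName -ErrorAction SilentlyContinue)

        if ($dlls.Count -eq 0) {
            # Package is staged but bundles none of the DLLs; still worth listing.
            [pscustomobject]@{
                Package = $pkg.Name; PublishedName = $drv.Driver
                DriverVersion = $drv.Version; Dll = $null; DllVersion = $null
            }
            continue
        }
        foreach ($dll in $dlls) {
            [pscustomobject]@{
                Package       = $pkg.Name
                PublishedName = $drv.Driver      # empty if the folder is an orphan
                DriverVersion = $drv.Version
                Dll           = $dll.Name
                DllVersion    = $dll.VersionInfo.FileVersion
            }
        }
    }
}

Get-IclsOpenSslInventory | Sort-Object Package, Dll | Format-Table -AutoSize
```

Compare the DllVersion column against the OpenSSL version named in the Defender finding; a row with an empty PublishedName is a folder left in FileRepository that Get-WindowsDriver no longer lists.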