5 Replies Latest reply on May 15, 2018 9:48 AM by Intel Corporation

    NUC Intel Graphics Drivers Using Invalid Digital Signing Certificate

    Dapaul

      In Security Mitigation events found in Windows Event Viewer there are events recorded for DLL's related to Intel Graphics stating that they are not signed properly.  At the moment these are still allowed to be loaded as 'Code Integrity Guard' in Windows Defender Security Centre Exploit Protection is currently only set to 'Audit' mode for svchost.exe (the default Windows 10 setting) rather than enabled fully.

       

      The Windows Hardware Developer Portal certificates for the DLL's are OK and signed by Microsoft with SHA256 certificates (signed on 20 October 2017), however the Intel certificates don't have a valid root certificate.  The root certificate is iKGF_AZSKGFDCS (issued by "Microsoft Digital Media Authority 2005"), which isn't a valid root certificate.  The Intel leaf certificates also aren't time-stamped.

       

      The two DLL's that are flagged in Event Viewer are as follows, however there are other Intel DLL's in System32 that are signed the same way.

       

      • Process '\Device\HarddiskVolume4\Windows\System32\svchost.exe' (PID 2356) would have been blocked from loading the non-Microsoft-signed binary '\Windows\System32\igdusc64.dll'. (Unified Shader Compiler for Intel(R) Graphics Accelerator)

       

      • Process '\Device\HarddiskVolume4\Windows\System32\svchost.exe' (PID 2356) would have been blocked from loading the non-Microsoft-signed binary '\Windows\System32\igd10iumd64.dll'.  (User Mode Driver for Intel(R) Graphics Technology)

       

       

      Is there a reason why these aren't signed by Intel using a proper trusted root certificate?

       

       

      Screenshot of one of the Event Viewer entries:

      001.png


      Screenshot of igdusc64.dll File Properties:

      002.png


      Screenshot of igdusc64.dll leaf certificate details:

      003.png


      Screenshot of igdusc64.dll root certificate details:

      004.png


      Screenshot of Intel Graphics Driver properties:

      005.png

       

       

      --------------------------------------------------------

      NUC - NUC5i7RYH
      Windows 10 Pro - 16299.214
      Drivers supplied via Windows Update