NUC Intel Graphics Drivers Using Invalid Digital Signing Certificate

idata · ‎02-03-2018

In Security Mitigation events found in Windows Event Viewer there are events recorded for DLL's related to Intel Graphics stating that they are not signed properly. At the moment these are still allowed to be loaded as 'Code Integrity Guard' in Windows Defender Security Centre https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/customize-... Exploit Protection is currently only set to 'Audit' mode for svchost.exe (the default Windows 10 setting) rather than enabled fully.

The Windows Hardware Developer Portal certificates for the DLL's are OK and signed by Microsoft with SHA256 certificates (signed on 20 October 2017), however the Intel certificates don't have a valid root certificate. The root certificate is iKGF_AZSKGFDCS (issued by "Microsoft Digital Media Authority 2005"), which isn't a valid root certificate. The Intel leaf certificates also aren't time-stamped.

The two DLL's that are flagged in Event Viewer are as follows, however there are other Intel DLL's in System32 that are signed the same way.

Process '\Device\HarddiskVolume4\Windows\System32\svchost.exe' (PID 2356) would have been blocked from loading the non-Microsoft-signed binary '\Windows\System32\igdusc64.dll'. (Unified Shader Compiler for Intel(R) Graphics Accelerator)

Process '\Device\HarddiskVolume4\Windows\System32\svchost.exe' (PID 2356) would have been blocked from loading the non-Microsoft-signed binary '\Windows\System32\igd10iumd64.dll'. (User Mode Driver for Intel(R) Graphics Technology)

Is there a reason why these aren't signed by Intel using a proper trusted root certificate?

Screenshot of one of the Event Viewer entries:

Screenshot of igdusc64.dll File Properties:

Screenshot of igdusc64.dll leaf certificate details:

Screenshot of igdusc64.dll root certificate details:

Screenshot of Intel Graphics Driver properties:

--------------------------------------------------------

NUC - NUC5i7RYH

Windows 10 Pro - 16299.214

Drivers supplied via Windows Update

idata · ‎02-05-2018

Hello Dapaul,

Thank you so much for contacting us.

We received your thread and I understand that you are having issues with our latest Intel drivers for your Intel NUC5i7RYH.

Please accept our apologies for the inconvenience that this could be causing.

All the information attached to the account was extremely helpful.

We are currently performing further research about the issue that you have been experiencing in order to provide you with a more accurate answer regarding the problem.

This may cause a brief delay on our replies; I really appreciate your patience.

As soon as we have the results I will share the resolution with you.

Hope to hear from you soon.

Best regards,

Diego S.

idata · ‎02-13-2018

Hello Dapaul,

Thank you for your patience.

I just wanted to inform you that we are reviewing your case.

As soon as I have an answer I will get in touch with you.

Best Regards,

Diego S.

idata · ‎02-13-2018

Hi Diego

That's fine. Thanks for keeping me informed.

idata · ‎05-10-2018

Hello Dapaul,

Thank you for your patience, we really appreciate it.

We have released a new 15.40 driver, version 15.40.38.4963 that has gone through WHQL (Windows Hardware Quality Labs) thus there should be no issue with the .dll signatures.

Can you go ahead please perform an update and then let us know the outcome?

Here is the direct download link:

https://downloadcenter.intel.com/download/27780

I hope to hear from you soon.

Best Regards,

Diego S.

idata · ‎05-15-2018

Hello Dapaul,

I was checking your case, and I just wanted to know if there is anything else that we can do for you at this time.

Please do not hesitate on replying back if you need more assistance.

Best Regards,

Diego S.