← All drivers
vulnerable
Driver

iqvw64.sys

Intel Ethernet diagnostic driver (legacy)

From Intel Corporation
Part of the Intel family
Status
On a known-vulnerable list
Known variants
19 distinct hashes
Public CVEs
1
Field notes

iqvw64.sys is a legacy Intel Ethernet diagnostic driver, originally bundled with Intel's PROSet networking software. Intel patched the underlying flaw (CVE-2015-2291) over a decade ago, but the older signed binary still loads on modern Windows.

It has become one of the most-documented BYOVD targets in public security research, including in the public reporting on the Slingshot and Equation APT campaigns and, more recently, on RobbinHood-family extortion software that used it to disable security drivers. The presence of the driver name in those write-ups is what keeps it on every blocklist; the underlying gaming PC reality is much more boring.

Most current Intel network software does not include this driver. If you find it, look for an outdated Intel networking utility and update it.

What the record shows

iqvw64.sys is listed as a known-vulnerable driver on the public LOLDrivers project. 19 distinct binary hashes matching this filename are on record, meaning multiple versions of the file have been observed.

Public CVEs
What this means, plainly
Presence is not proof of misuse. Driver files on the LOLDrivers list commonly ship with legitimate hardware tools, gaming software, or vendor utilities. Their presence is recorded as evidence on a record. It is never treated as a verdict about a person.
Related drivers

Other drivers in the Intel family. See the whole family →

Source

Status data comes from the public LOLDrivers project, a community-curated registry of drivers known to be vulnerable or malicious. The snapshot Vera uses was refreshed July 10, 2026. CVE links go to the NIST National Vulnerability Database.

Cite this entry

Vera Project. “iqvw64.sys.” Vera Field Guide (Driver). The Vera Project. https://www.veraproject.xyz/field-guide/drivers/iqvw64-sys