The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Severe Intel Centrino vulnerability released

Posted by Xavier Ashe on August 2, 2006

Last year we had Michael Lynn and the Cisco vulnerabilities, this year we have Intel becoming the target.  Attackers have discovered major vulnerabilities in the drivers for the Centrino wireless series of devices
So if your laptop has an “Intel Inside Centrino” sticker on it, you
have a good possibility of being affected by this set of
vulnerabilities.  Intel very clearly points out that this is a Windows
vulnerability multiple times in their notes.

There are three vulnerabilities; one allows for remote code execution, a second allows privilege escalation, while the third is an information disclosure vulnerability
The only saving grace is the need for physical proximity.  The folks at
F-Secure believe it might be possible for an attacker to create a virus
that leaps from wireless laptop to wireless laptop.  This would be especially effective in offices densely packed with vulnerable systems. 

The patch is big (129 Mb), and the Internet Storm Center is
suggesting that you talk to your vendor about your system's specifics
before applying the patch.  The Intel patch might have issues with some
hardware.  I haven't heard of any malware that's been created to take
advantage of this yet.    Are you going to patch for this vulnerability
immediately, wait for a vendor-specific patch or take other measures to
safeguard your network?

From Martin McKeay at ComputerWorld Blogs.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: