Last year we had Michael Lynn and the Cisco vulnerabilities, this year we have Intel becoming the target. Attackers have discovered major vulnerabilities in the drivers for the Centrino wireless series of devices.
So if your laptop has an “Intel Inside Centrino” sticker on it, you
have a good possibility of being affected by this set of
vulnerabilities. Intel very clearly points out that this is a Windows
vulnerability multiple times in their notes.
There are three vulnerabilities; one allows for remote code execution, a second allows privilege escalation, while the third is an information disclosure vulnerability.
The only saving grace is the need for physical proximity. The folks at
F-Secure believe it might be possible for an attacker to create a virus
that leaps from wireless laptop to wireless laptop. This would be especially effective in offices densely packed with vulnerable systems.
The patch is big (129 Mb), and the Internet Storm Center is
suggesting that you talk to your vendor about your system's specifics
before applying the patch. The Intel patch might have issues with some
hardware. I haven't heard of any malware that's been created to take
advantage of this yet. Are you going to patch for this vulnerability
immediately, wait for a vendor-specific patch or take other measures to
safeguard your network?