Intel warns of Centrino wireless driver flaws

Share this article:

Intel is reporting several vulnerabilities in its Centrino wireless drivers that could lead to remote code execution and an attacker assuming control of a system.

Flaws related to corrupt memory have been identified in the Microsoft Windows drivers for Intel 200BG and 2915ABG PRO network connection hardware, according to an Intel advisory. Hackers within range of the target's Wi-Fi station can execute arbitrary code and gain kernel-level privileges.

"The vulnerabilities are pretty awful," Mikko Hypponen, chief research officer at F-Secure, said on the company blog. "…At least in theory, somebody could write a WLAN virus that would jump from one laptop to another if the laptops are too close to each other. Patch now."

While Intel is not aware of any malicious exploitation of the flaws, the company suggests users upgrade to the latest version of network connection hardware, available on Intel's website.

Researchers from Sophos warned the IT world this week of wireless worms, which can attack mobile devices through the airwaves.

Alan Paller, director of research at the SANS Institute, says the vulnerability is significant because it erodes user's trust in their laptop. He added that because the flaw gives attackers privileged rights, they can avoid encryption.

Bugs such as this will continue to be reported in the coming months, Paller predicted.

You can expect wireless drivers to be major targets for the next three to nine months," he said.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.

EU conducts massive cyberattack simulation on critical networks

Conducted by the European Union Agency for Network and Information Security, the simulation launched 2,000 attacks on the networks of various critical infrastructure organizations.