Laptop users with Microsoft Windows OSs have been warned that their laptops may be broadcasting the SSIDs of ad-hoc networks without user knowledge.
The unintentional advertisement can lead to malicious users attaching to the laptop for a further attack, the Nomad Mobile Research Center has advised.
The organization warned users that the flaw is "high (albeit lame)" and said it is "basically a configuration error that spreads virus-like from laptop to laptop."
The flaw also leaves laptops open for their SSIDs to be discovered by malicious users.
"If the attacker is impatient in waiting for determining the IP address of the victim computer, the attacker can attach to the advertising SSID and offer up a DHCP server," the NMRC said.
Versions of Windows 2000 with Service Pack 2, 3 and 4; XP Home Edition Gold; XP Professional Gold and with Service Packs 1 and 2; and Windows 2003 all tested positive for the flaw or were approximated based on passive fingerprinting of network traffic.
The organization also said that Microsoft was contacted on Oct. 13 of last year about the vulnerability.
"After numerous exchanges of emails and a conference call, Microsoft was able to reproduce and isolate the issue within their software," the NMRC said. "As there are multiple and easy-to-implement workarounds for the issue, Microsoft has scheduled to include the fix in the next service packs."
A Microsoft spokesman said Wednesday that ad hoc network users could be lured into a malicious network under limited circumstances. The Redmond, Wash., company recommended that users update their operating systems and use firewalls.