Centrino Patches From Intel: Code Alert

by CXOtoday Staff    Aug 03, 2006

Intel Corp. has disclosed three vulnerabilities in Microsoft Windows drivers and applications for its Centrino-based IntelPRO/ Wireless Network Connection Hardware.

Attackers can exploit these vulnerabilities to execute arbitrary code on target systems remotely, obtain access to wireless network security information or escalate
system privileges to kernel level. Intel has claimed to provide upgrades for this software.

The vulnerabilities are that two problems affect certain versions of its Pro/ Wireless Network Connection Hardware, part of the Centrino mobile platform, these flaws could allow an attacker near a WiFi station to run unauthorized code on a victim’s machine or gain kernel-level privileges.

A third vulnerability affects Intel’s Proset/ Wireless Software. It could lead to a hacker obtaining authentication credentials.

Hackers have made no attempts so far to exploit these vulnerabilities. Public exploits for these vulnerabilities have also not emerged as of now.

To determine whether users are affected by this vulnerability, users can verify what version of the hardware they are running or download the new drivers.

However, Intel warned that the updated drivers are generic ones and that users need to be OEM- specific. The generic drivers have not been verified by manufacturers for compatibility, said Intel.

For the other vulnerability, Intel recommended saving the profile of the Proset/ Wireless Software with the ‘export’ feature before making changes.

These flaws can leave laptops vulnerable and theoretically allow hackers to spread malicious code, including worms, wirelessly between laptops.