By Dawn Kawamoto
Thursday, August 03 2006 11:02 AM
URL: http://www.zdnetasia.com/news/hardware/0,39042972,39379356,00.htm
Intel has issued patches for flaws in its Centrino device drivers and
ProSet management software that affect the security of the wireless
products.
Three flaws are addressed with the updates. One could allow an attacker to
break into a PC via Wi-Fi or even create a worm that jumps from one
wireless-enabled laptop to another, provided the computers are within each
other's range. Another security hole makes the system vulnerable to attacks that
let a malicious user gain additional privileges, according to security experts
at SANS Internet Storm Center and F-Secure.
Intel's patches address vulnerabilities in its Intel PRO/Wireless 2200BG,
2915ABG, 2100 and 3945ABG Network Connection products, according to a security advisory from the chipmaker.
The vulnerability involving the Intel Centrino wireless driver could allow attackers
within range of a Wi-Fi station to access a vulnerable laptop and execute
arbitrary code on the target system, according to the Intel advisory.
Graham Cluley, senior technology consultant for security vendor Sophos, said in a media statement: "A hacker could exploit these wireless vulnerabilities to run malicious code on an innocent user's laptop, giving them control over other people's PCs or spreading a wireless worm which could leapfrog from one laptop to the next."
According to F-Secure, the vulnerabilities involving the drivers are "pretty
awful" and the patch can be troublesome to download and install because of
its size, 129MB.
"You have to manually install this patch, and it is unusually large," said
Mikko Hypponen, chief research officer at security company F-Secure. "Most
people, especially home users, may not know how to do it, since it is not that
straightforward."
Intel offers a complete version of the software for the driver system, which
means the download is relatively large, a representative for the chipmaker said.
Security experts note there are no known exploits publicly circulating that
have been crafted to take advantage of these flaws.
Sophos' Cluley said: "The good news is that we haven't seen any attacks using this exploit yet, but that doesn't mean computer users should be laid back about applying fixes.
"It is essential that all companies remain alert to the latest security issues, and ensure their business computers are properly defended with the latest patches," he added. "The more time taken to patch a flaw, the greater the opportunity for a malicious hacker to exploit it."
Intel, meanwhile, provides a link to help users identify vulnerable systems and advises
them to install the patches.
ZDNet Asia's Eileen Yu contributed to this report from Singapore.