14 DAY TRIAL // Intel has confirmed the existence of Centrino wireless vulnerabilities that are wide open for exploitation. Intel published material on its site concerning identified vulnerabilities in Microsoft Windows drivers for the Intel 2100 PRO/Wireless Network Connection Hardware, in Microsoft Windows drivers for the Intel 2200BG and 2915ABG PRO/Wireless Network Connection Hardware and in Intel PROSet/Wireless Software 7.x, 8.x, 9.x, and 10.x (PROSet application). The first flaw is related to memory corruption via the management of demands from higher-level protocol drivers or user privileges applications and could be exploited to gain kernel level privileges.
The vulnerabilities in "Microsoft Windows drivers for the Intel 2200BG and 2915ABG PRO/Wireless Network Connection Hardware" are in relation to "the way that they currently handle certain frames. An attacker could potentially exploit these vulnerabilities which could potentially lead to remote code execution and system control" and could be exploited within the range of the Wi-Fi station in order "to execute arbitrary code on the target system with kernel-level privileges," read the flaw descriptions posted by Intel.
The last vulnerability also references mismanagement of shared memory allowing for access to the wireless network information security "such as WLAN pre-shared WEP key and user authentication credentials" in the eventuality of an attack.
"A hacker could exploit these wireless vulnerabilities to run malicious code on an innocent users' computer, giving them control over other people's PCs or spreading a wireless worm which could leapfrog from one laptop to the next," said Graham Cluley, senior technology consultant for Sophos. "The good news is that we haven't seen any attacks using this exploit yet, but that doesn't mean computer users should be laid back about applying fixes. It is essential that all companies remain alert to the latest security issues, and ensure their business computers are properly defended with the latest patches. The more time taken to patch a flaw, the greater the opportunity for a malicious hacker to exploit it."
Although Intel has stated that it is not aware of any exploits concerning these vulnerabilities, the company has already addressed the matter and has issued a security update repairing the flaws, advising its customers to install the patch in order to be safe.
Exploits Surface for 2 Windows Vulnerabilities
Microsoft Internet Explorer Heap Overflow Vulnerability
Windows Vista in the Hands of Asian Hackers
Microsoft Plugs 18 Security Holes
Oracle Fixes 65 Security Vulnerabilities