Shark Bait

Knowledge Centers

Operating Systems

Networking & Internet

Mobile & Wireless

Security

Storage

Business Intelligence

Servers & Data Center

Computerworld Reports

Industry

See your link here

Martin McKeay

Security Matters

Severe Intel Centrino vulnerability released

1 comment

IT TOPICS:Hardware, Management, Mobile & Wireless, Networking, Security, Windows & Microsoft

Last year we had Michael Lynn and the Cisco vulnerabilities, this year we have Intel becoming the target. Attackers have discovered major vulnerabilities in the drivers for the Centrino wireless series of devices. So if your laptop has an "Intel Inside Centrino" sticker on it, you have a good possibility of being affected by this set of vulnerabilities. Intel very clearly points out that this is a Windows vulnerability multiple times in their notes.

There are three vulnerabilities; one allows for remote code execution, a second allows privilege escalation, while the third is an information disclosure vulnerability. The only saving grace is the need for physical proximity. The folks at F-Secure believe it might be possible for an attacker to create a virus that leaps from wireless laptop to wireless laptop. This would be especially effective in offices densely packed with vulnerable systems.

The patch is big (129 Mb), and the Internet Storm Center is suggesting that you talk to your vendor about your system's specifics before applying the patch. The Intel patch might have issues with some hardware. I haven't heard of any malware that's been created to take advantage of this yet. Are you going to patch for this vulnerability immediately, wait for a vendor-specific patch or take other measures to safeguard your network?

Email this

Digg this

What People Are Saying

Add new comment

I've installed the patch on

Submitted by Alphaman on August 2, 2006 - 3:08 P.M.

I've installed the patch on my Lenovo ThinkPad R50e only because I volunteered to be the guinea pig for our division. It broke the ThinkVantage Access Connections software in the process -- this program was responsible for orchestrating which network connection I use and the profile settings for my laptop (e.g., preferred homepage, VPN client, firewall, and other apps).

The driver itself (130MB? Who are they kidding? That's not a driver -- that's an application suite!) works as advertised. Lenovo currently has v10.1 of the driver from May on their site (vs. 10.5 from Intel) with no indication as to when they'll be providing 10.5. So it's either break other apps or sit exposed and vulnerable in your coffee shop...

Report this comment

Six of the best: June's IT Blogwatch

Linux's dirty little secret: Uninstall

Cloud computing security--coming soon to a device near you.

Budget losers: Hardware, consultants, Vista, ERP

LIVE Nov 10, 2009 12:00 PM ET

Architecting Business Intelligence Applications for Change: The Open Solution

LIVE Nov 12, 2009 02:00 PM ET

Faster, Cheaper and Easier to Maintain
Can you afford not to upgrade your servers to today's advanced, energy-efficient technologies?

Top to Bottom Performance Management Excellence at the City of Chicago
View now.

Do more with less thru Netcool?
Learn how IBM Tivoli® Netcool® solutions can help service providers streamline their operations, improve responsiveness and reduce costs.

Effectively Implementing Datacenter Automation
Effectively select and deploy the best datacenter automation solution today!

IDC report: Profitability and OSS Support: A Return on Investment Analysis of IBM Tivoli Netcool
IDC studied 14 mobile and fixed-line service providers that implemented Tivoli® Netcool® and found that IBM Tivoli Netcool can help in big ways.

Aligning IT to Business: The Rising Importance of Application Delivery Networks
Application Delivery Networking (ADN) will play a vital role in helping enterprises incorporate strategic technologies to achieve business initiatives.

All White Papers | All Webcasts