Published August 04, 2006
Intel has updated the software behind its Centrino chip bundle to fix three security vulnerabilities that, in one case, could allow an attacker to execute code remotely on a laptop.
The chip maker on July 28 posted a trio of updates for its Intel/PRO Wireless Network Connection wireless modules.
The Wi-Fi modules, which allow notebooks to connect to 802.11 wireless networks, are part of the chip maker's Centrino chip bundle, which it has offered for notebook PCs since 2003.
The updates generally fix problems with the way Windows drivers and other software associated with controlling them use memory.
Thus far, Intel is not aware of any malicious uses of the vulnerabilities by would be attackers, a company spokesperson said.
However, security of things like 802.11 wireless have been top of mind this week thanks to the Black Hat hacker conference, which is taking place in Las Vegas on Aug. 2 and 3.
The most severe of the three security vulnerabilities, which affects Windows drivers for the Intel 2200BG PRO/Wireless and 2915ABG PRO/Wireless modules, could allow an attacker that's within range of a Wi-Fi station to executive code remotely and ultimately gain control of a system, Intel's support Web site said.
A second Windows driver vulnerability for the Intel PRO 2100, an earlier 802.11b-only module, could be exploited to gain system kernel-level access though the process of injecting specially crafted frames into the driver in concert with using an application loaded on the system, the site said.
The third update changes the way that the Intel PROSet/Wireless Software, which works to control all of Intel's Intel Pro/Wireless Wi-Fi modules, shares memory.
Due to insecure usage of shared memory by the application, it left access to a user's wireless network security information open to an attacker, Intel's Web site says.
Intel, which generally updates its Centrino software about four times per quarter, posted the patches on July 28.
The chip maker has also provided the upgraded software to PC makers for testing and for them to provide it directly to their customers, the Intel spokesperson said.
Intel supplies regular maintenance updates — and not just security patches — with its quarterly Centrino software releases, the spokesperson said.
The three updates, in addition to tools to help users determine the type of module they have, are available from Intel's support site.
Although Intel suggests on the site that notebook owners check first with their machines' manufacturers to determine whether those companies are offering the upgrades as well, given that some manufacturers might have replaced parts of the software or customized it in some way to work with their systems.
Check out eWEEK.com's Desktops & Notebooks Center for the latest news in desktop and notebook computing.
Copyright © 2006 Ziff Davis Media Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Media Inc. is prohibited.