Network Computing is part of the Informa Tech Division of Informa PLC

Critical Wireless Flaw Leaves Windows Users Open To Attack

A critical vulnerability in a wireless driver used in PCs sold by Dell, Gateway, Hewlett-Packard, and others will be tough to patch, a security researcher said Monday, even though exploit code has already been published and attacks are possible.

The vulnerability in the Broadcom wireless driver went public Saturday as part of the "Month of Kernel Bugs" project; the same day, an exploit was added to the Metasploit Framework, a penetration testing tool. Although the researcher who discovered the flaw had earlier reported it to Broadcom, patches may be slow in coming since each computer and third-party wireless card maker tweaks the generic Broadcom code for its own hardware.

"Broadcom supplied a general fix to the general chip vulnerability," said Dean Turner, a senior manager with Symantec's security response team, "but it's very difficult for Broadcom to issue a single patch. Each [computer maker] must create its own patch."

The driver vulnerability and subsequent exploit let attackers hijack a laptop actively seeking or using a wireless connection, such as when the user is in a public hot spot at an airport or café.

An alert posted by the all-volunteer ZERT (Zero Day Emergency Response Team) -- best known as the creator of third-party patches for Windows -- spelled out the trouble. "If you are near other users with laptops, you are at risk. If you are using your computer with the wireless card enabled in any public place, you are at risk. Windows is exploitable without the existence of an Access Point or any interaction from the user."
